The Gate 15 Podcast Channel
The Gate 15 Company is a leader in helping organizations by providing threat-informed, risk-based approaches to analysis, preparedness and operations.
5 days ago
The Risk Roundtable EP 32: A true all-hazards discussion - cannabis, the Hard Reset, cyber, and monkeypox!
Ben Taylor, Executive Director of Cannabis ISAO, channels his inner Wolverine and makes his third stop on the Gate 15 podcasts as he joins Andy to talk about all things Cannabis as well as the collaborative effort to publish a joint security analysis around the Hard Reset. Dave then joins Andy to talk about recent cyber reporting and the value that they provide to organizations as they go beyond the numbers. Ensuring the episode hits key all-hazards, Andy and Dave discuss monkeypox and the lessons that can be applied from COVID that can help individuals and organizations make responsible, risk-informed decisions.
* Cannabis ISAO: Cannabis MSO Shares Cyber Threat Report: https://cannabisisao.org/2022/07/directors-cut-july-1-2022/
* Risky Biz News, with Catalin Cimpanu (everyone with interests in cybersecurity should be subscribed to this), from 06 Jul 22: https://riskybiznews.substack.com/p/risky-biz-news-china-faces-its-first
* Cannabis ISAO on the Hard Reset: https://cannabisisao.org/2022/07/directors-cut-july-15-2022/
* Andy’s tweet on the Hard Reset report: https://twitter.com/andyjabbour/status/1550252329378713602?s=21&t=Kbwk6HAVKIkKf7xGrRUXrQ
* Gate 15 White Paper: The Hostile Event Attack Cycle (HEAC), 2021 Update: https://gate15.global/white-paper-the-hostile-event-attack-cycle-heac-2021-update/
* Nerd Out Security Panel Discussion: EP 27. The Hard Reset and Uvalde. https://gate15.global/nerd-out-security-panel-discussion-ep-27-the-hard-reset-and-uvalde/
* Cannabis ISAO website: https://cannabisisao.org
* Cannabis ISAO blog and Director’s Cut posts
Ben’s previous pods:
* Nerd Out Security Panel Discussion: EP 13. Cannabis ISAO! https://cannabisisao.org/home/blog/
* The Gate 15 Interview: Ben Taylor, on Cannabis ISAO, Cannabis Industry security, cybersecurity, rescue dogs and more!
Monkeypox:
* WHO Director-General's statement at the press conference following IHR Emergency Committee regarding the multi-country outbreak of monkeypox - 23 July 2022
* CDC Monkeypox
* Statement from Raj Panjabi, Director of White House Pandemic Preparedness Office, on World Health Organization Declaration on Monkeypox
* FACT SHEET: Biden-Harris Administration’s Monkeypox Outbreak Response
* IBM Cost of a Data Breach Report
* Proofpoint State of Phish Report
* SEKOIA.IO Mid-2022 Ransomware Threat Landscape
* ENISA Ransomware: Publicly Reported Incidents are only the tip of the iceberg & ENISA Threat Landscape for Ransomware Attacks.
* Kim Milford, Executive Director, REN-ISAC interviewed in How Are K-12 and Higher Education Faring Against Ransomware?
* Andy’s thread with KELA and noting The Record: Ransomware group demands £500,000 from British schools, citing cyber insurance policy
* The Gate 15 Interview: Amanda Berlin and Megan Roddie talk cybersecurity, mental health hackers, DEFCON, musicals, fruits, and more!
* Homeland Security Today: hstoday.com
Jul 24, 2022
The Gate 15 Interview EP 25. Amanda Berlin and Megan Roddie talk cybersecurity, mental health hackers, DEFCON, musicals, fruits, and more!
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Amanda Berlin and Megan Roddie, cybersecurity leaders & mental health hackers, and they’ve got their hands in a lot more too! Amanda is the Lead Incident Detection Engineer at Blumira and has worked in I.T. for almost her entire adult life. Before working at Blumira, Amanda’s responsibilities have included infrastructure security, network hardware and software repair, email management, network/server troubleshooting and installation, purple teaming with a focus on phishing employees and organizational infrastructure as well as teaching employees about security and preventing exploits. She currently serves as the Chief Executive Officer for Mental Health Hackers and is the co-host of the Brakeing Down Security Podcast (BrakeSec Podcast, @brakesec)! Megan is a Senior Security Engineer at IBM, Co-Author of SANS FOR509 and has worked in cybersecurity since graduating from Sam Houston State University (and while she was still a student!). Previous roles have been with the Texas Department of Public Safety, Recon InfoSec, and with IBM’s X-Force. She currently serves as the Chief Financial Officer for Mental Health Hackers. Megan is also a Muay Thai fighter and coach. Follow Mental Health Hackers on Twitter! @HackersHealth Follow Amanda on Twitter at @InfoSystir and on LinkedIn and follow Blumira on Twitter! Follow Megan on Twitter at @megan_roddie and on LinkedIn.
In the discussion we address:
* Amanda & Megan’s backgrounds and origin stories
* Awesome tips for breaking into security!
* DEFCON and how to score a free breakfast at DEFCON!!
* Mental Health Hackers
* The Brakeing Down Security podcast
* Muay Thai, Musicals, Apples & Bananas!
* Fruits, music and so much more!
A few references mentioned in or relevant to our discussion include:
* Mental Health Hackers website
* Mental Health Hackers on Twitter! @HackersHealth
* Amanda on Twitter at @InfoSystir and on LinkedIn.
* Megan on Twitter at @megan_roddie and on LinkedIn.
* Tom Williams on Twitter: @ginger_hax
* Amanda’s InfoSec Staples tweet - https://twitter.com/infosystir/status/972906318875983873?s=21&t=CCp0CmDgDcZXQVWtnpEXEA
* Blackhat USA 2022 - https://www.blackhat.com/us-22/defcon.html?_mc=sem_bhus_sem_bhus_x_tspr_Google_defcon30_bhusagcompetitvedefcon30_2022&gclid=Cj0KCQjwn4qWBhCvARIsAFNAMihsrClH8Aygi2UnTsbSus3teDdktlK2NiamBzyAORwM5nHcaE4pynwaArHkEALw_wcB
* DEFCON 30 - https://defcon.org
* 10th Annual Brazilian Jiu-Jitsu Smackdown. A Brazilian Jiu-Jitsu event for information security professionals hosted by Jeremiah Grossman during Black Hat and Defcon - https://www.eventbrite.com/e/10th-annual-brazilian-jiu-jitsu-smackdown-tickets-348058561527
* Amanda’s Book! Defensive Security Handbook: Best Practices for Securing Infrastructure (1st Edition) - https://www.amazon.com/Defensive-Security-Handbook-Practices-Infrastructure/dp/1491960388
* Megan’s SANS Course! FOR509 Course Update - Introducing Google Workspace, the Multi-Cloud Intrusion Challenge - https://www.sans.org/blog/for509-course-update---introducing-google-workspace-the-multi-cloud-intrusion-challenge-and-more/
1 hr 1 min
Jul 21, 2022
Nerd Out Security Panel Discussion: EP 27. The Hard Reset and Uvalde
In the latest episode of Nerd Out, Bridget and Dave talk about all things extremism with the most recent publication of "The Hard Reset" as well as the latest accelerationist document "Make it Count". Specifically they discussed:
* the contents of the documents,
* the wide ranging themes,
* the targets mentioned tactics and techniques,
* how this information could be used,
* what organizations can do
* the recent joint product with contributors from multiple ISAC / ISAO, partners, and agencies
Then Dave and Bridget talked through the Uvalde school shooting and the recent lessons learned report from the Texas House of Representatives and how organizations can use the report to review their own security as well as avoid some of the issues identified. Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
1 hr 1 min
Jul 4, 2022
Risk Roundtable EP 31: A 4th of July Security Mindfulness Special
On America's Independence Day, Andy and Dave pulled up to discuss the latest security challenges organizations face. Starting with the recent Copenhagen incident, they continued a previous discussion about the noise surrounding hostile events and how it distracts from the real issues. Working back to the hostile events attack cycle, Andy brought up the numerous resources, many low-cost, that organizations can leverage as they continue to build out their state of preparedness. Dave and Andy also talked about drones, their continued risk, as well as the latest efforts by the U.S. government to start to address the risk. Finally, the roundtable talked about weather events and wildfires to round out the holiday special. And even though Jen was enjoying much deserved time off, Andy made sure to bring up cyber related threats and items of interest. But no episode is complete without Andy's three questions. This month, they talked about Obi Wan (and Star Wars in general), music, and 4th of July memories!
Links to items discussed in the episode include:
* Copenhagen shooting: Shopping mall gunman charged with murder (BBC, 4 July 2022) https://www.bbc.com/news/world-europe-62034089
* Andy’s Tweet on conspiracy theories https://twitter.com/andyjabbour/status/1543935473088925697?s=20&t=5L8OF3My0RCPxfC5ZEBibg
* Gate 15 White Paper: The Hostile Event Attack Cycle (HEAC), 2021 Update https://gate15.global/white-paper-the-hostile-event-attack-cycle-heac-2021-update/
* Run. Hide. Fight. (FBI) https://www.fbi.gov/video-repository/run-hide-fight-092120.mp4/view
* Run. Hide. Tell. (UK) https://www.npcc.police.uk/StaySafeAssets/FINAL%20MPS168715%20Run%20Tell%20Hide%20A5%20Lflt%20Blk%20Eng%20v3.pdf
* Gate 15 Resources Pages https://gate15.global/resources/
* Faith-Based ISAO Resources Pages https://faithbased-isao.org/resources/
* What's YOUR Plan, by James DeMeo on Amazon https://www.amazon.com/Whats-YOUR-Plan-James-DeMeo/dp/099892864X
* Andy’s Tweet on his time discussing Hostile Events, Active Shooter and De-escalation at Loudoun Hunger Relief/@LoudounHunger. https://twitter.com/andyjabbour/status/1542876302058946571?s=20&t=YbaxIcwp_-rArFWa2WSWRg
* Andy’s Tweet on Outlook Rules https://twitter.com/andyjabbour/status/1543668162780139520?s=20&t=YbaxIcwp_-rArFWa2WSWRg
* White House, FACT SHEET: The Domestic Counter-Unmanned Aircraft Systems National Action Plan (25 April 2022) https://www.whitehouse.gov/briefing-room/statements-releases/2022/04/25/fact-sheet-the-domestic-counter-unmanned-aircraft-systems-national-action-plan/
* A Drone Tried to Disrupt the Power Grid. It Won't Be the Last; An attack attempt in 2020 proves the UAS threat is real—and not enough is being done to stop it (Brian Barrett/@brbarrett in WIRED, 25 Nov 2021) https://www.wired.com/story/drone-attack-power-substation-threat/
* Drone shows instead of July 4 fireworks? More Colorado communities are making the switch for fire safety (Matt Bloom, CPR News, 01 Jul 2022) https://www.cpr.org/2022/07/01/july-4-fireworks-drone-shows-wildfire-risk-colorado/
* “Singles” soundtrack info on Wikipedia and listen on Spotify https://open.spotify.com/album/58BEJ01sL8wK5LV3TPyngC?si=wQzLq88lSx6iuQDurXsvhA&nd=1
* “No Woman. No Cry.” From The Office via Yarn, and the legendary song by Bob Marley & The Wailers (1974) https://open.spotify.com/track/3PQLYVskjUeRmRIfECsL0X?si=5159bc1a07484b29&nd=1
Jun 26, 2022
The Gate 15 Interview EP 24. Scott Algeier on information sharing, critical infrastructure, cybersecurity, and more
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Scott Algeier, Founder, President and CEO, Conrad, Inc. Cybersecurity Consulting. “Scott C. Algeier works at the intersection of cybersecurity policy and operations. He is the Founder, President and CEO of cybersecurity consulting firm Conrad, Inc., Executive Director of the Information Technology – Information Sharing and Analysis Center (IT-ISAC). Conrad, Inc. provides strategic policy and business consulting services to businesses and not for profit organizations focused on cyber security and critical infrastructure protection (CIP). Scott engages senior level policy makers in industry and government, domestically and internationally, on behalf of his clients. This includes direct engagement in the development of the nation’s most significant domestic cybersecurity and CIP policies and operational plans.” To learn more about Conrad, Inc, visit the Conrad website and connect on Twitter and you can follow and learn more about Scott on LinkedIn.
“building partnerships is in large part being able to find common ground”
In the discussion we address:
* Scott’s work at Conrad, Inc. Cybersecurity Consulting and his work with IT-ISAC and other information sharing communities.
* Working with critical infrastructure
* Building communities of trust
* The state of private-public partnerships
* The war in Ukraine and the enduring Russian cyber threat
* Making cybersecurity a kitchen table issue
* And a lot more!
A few references mentioned in or relevant to our discussion include:
* Conrad website: https://www.conradinc.biz
* Some of Conrad’s clients: https://www.conradinc.biz/clients
* Advancements, A Series Hosted By Ted Danson, featuring IT-ISAC: https://advancementstv.com
* IT-ISAC: https://www.it-isac.org
* CyberShare - The small broadband provider ISAC: https://www.ntca.org/member-services/cybershare
* CompTIA ISAO: https://connect.comptia.org/membership/comptia-isao
* The Gate 15 Interview: Elections Security 2020, with the FBI and the Elections Infrastructure ISAC (26 Oct 2020): https://gate15.global/the-gate-15-interview-elections-security-2020-with-the-fbi-and-the-elections-infrastructure-isac/
On the importance of having a “partner mindset,” Scott says, “at the end of the day, we can do more good by collaboration than by fighting (over business)” - Scott Algeier, Founder, President and CEO, Conrad, Inc. Cybersecurity Consulting
Jun 23, 2022
Nerd Out Security Panel Discussion: EP 26. The Return of Travis, Energy, and Lacrosse
The latest episode of Nerd Out feels like one of the first with the return of Travis Moran to the pod. Travis came on to talk about the energy sector and his new work to help make sure that his critical infrastructure is positioned for the number of threats facing the industry. Travis goes into detail about his role and the role of security practitioners and some of the ways that they can be successful with training and exercises. Dave then asked Travis to put on one of his old hats and talk about the looming Roe v Wade decision and what it could mean for organizations from a protest and demonstration standpoint. Turning to lighter fare, the two shared their love for the sport of lacrosse, Maryland's dominance, the rigor of a season, and why they may or may not be fans of the Premier Lacrosse League. Travis Moran is a Senior Reliability & Security Advisor with SERC Reliability Corporation; firstname.lastname@example.org; he can be found on Twitter at @dronin_on
Jun 16, 2022
The Cybersecurity Evangelist: Ep 20 – Don’t Let Travel Scams Ruin your Vacation Plans
After a drawn out thank you for the success of episode 19 (and 18), The Cybersecurity Evangelist is back to chatting about the human side of cyber in this summer PSA on travel-related scams. Resources mentioned in this episode:
* Threat Actors Prepare Travel-Themed Phishing Lures for Summer Holidays
* Avoid Scams When You Travel
* ReportFraud.ftc.gov
Jun 7, 2022
The Risk Roundtable EP 30: Jen’s a big deal, sweaty shirts, and persistent threats!
It started off with sweaty shirts and Jen's big announcement and ended with Dave wondering about green tea. But in between, the latest episode of the risk roundtable saw Andy, Jen and Dave talk about familiar topics - namely persistent threats. Unfortunately, for all the times we have talked about them, these threats hang around and continue to strike at individuals and organizations. Whether they are cyber or physical related, threat actors continue to go to the proverbial well again and again because they work. The gang talked about the latest cyber threats and recounted the latest string of hostile events ranging from Buffalo, to Texas, to California, and all the others in between. Equally important to this discussion was the release of the latest National Terrorism Advisory System (NTAS) bulletin that addressed the latest threats and extremist risks (https://www.dhs.gov/ntas/advisory/national-terrorism-advisory-system-bulletin-june-7-2022). After going through the roulette round, Andy led Jen and a partially paying attention Dave through some fun yes or no questions.
Items referenced in the Pod include:
* @Shadowserver https://twitter.com/Shadowserver - https://www.shadowserver.org
* Dave's post on Active Shooter Incidents https://gate15.global/highlights-fbi-update-on-active-shooter-incidents-in-the-united-states/
* Rob Yandow's paper on Physiological Response. https://gate15.global/the-brain-and-the-body-the-physiological-response-that-occurs-when-we-experience-fear-stress-trauma-and-critical-incidents/
* HEAC White Paper https://gate15.global/white-paper-the-hostile-event-attack-cycle-heac-2021-update/
* KEV: https://www.cisa.gov/known-exploited-vulnerabilities
* MFA page (new) https://www.cisa.gov/mfa
* CISA Jen: https://twitter.com/cisajen/status/1534055424600641537?s=21&t=S54nhjh7Vjp_q7Co9wk0fg
* Water ISAC and Dragos. https://www.waterisac.org/portal/waterisac-partners-new-dragos-ot-cert-help-underserved-water-and-wastewater-systems
* @RobertMLee
* Dawn’s active on LinkedIn (Dawn Cappelli, CISSP)
* https://www.cisa.gov/uscert/ncas/alerts
* https://www.cisa.gov/uscert/ncas/current-activity
* Plus many more - listen in
May 22, 2022
The Gate 15 Interview EP 23. Leigh Honeywell: Hacker, Community Organizer and CEO at Tall Poppy
Leigh is the founder and CEO of Tall Poppy, where she helps companies protect their employees from online harassment. She was previously a Technology Fellow at the ACLU’s Project on Speech, Privacy, and Technology, and also worked at Slack, Salesforce.com, Microsoft, and Symantec. She has co-founded two hackerspaces - HackLabTO in the Kensington Market area in Toronto, and a feminist space called the Seattle Attic Community Workshop in Pioneer Square, Seattle. She is now a member and Chief Security Officer of Double Union, a feminist hackerspace in San Francisco, and she advises several nonprofits and startups. Leigh has a degree from the University of Toronto where she majored in Computer Science and Equity Studies. Leigh points out that the latter major is about equity as in equality, not as in finance. To learn more about Tall Poppy, visit the Tall Poppy website and connect on Twitter and you can follow and learn more about Leigh on Twitter: @HYPATIADOTCA and LinkedIn.
“tall poppy syndrome is a cultural phenomenon in which people hold back, criticize, or sabotage those who have or are believed to have achieved notable success in one or more aspects of life, particularly intellectual or cultural wealth-‘cutting down the tall poppy.’ It describes a draw towards mediocrity and conformity. Commonly in Australia and New Zealand, ‘cutting down the tall poppy’ is used to describe those who deliberately put down another for their success and achievements.” - via Wikipedia
In the discussion we address:
* Leigh’s background and the personal and professional progression that led her to found Tall Poppy
* What Tall Poppy is doing to help protect individuals through personal digital safety
* Hackerspaces, equity, diversity and women in cybersecurity
* Leadership
* Emerging issues in information security
* Leigh’s ever-colorful hair, CanRock, KiwiCon, and much more!
A few references mentioned in or relevant to our discussion include:
* Tall Poppy website - https://www.tallpoppy.com
* Leigh mentioned KYC for crypto. For more on that see What Is KYC and Why Does It Matter For Crypto? (25 Mar 22) - https://www.coindesk.com/learn/what-is-kyc-and-why-does-it-matter-for-crypto/
* Leigh spoke about device security and the threat of SIM swapping. Read more from this FBI IC3 Public Service Announcement, Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public (08 Feb 22) - https://www.ic3.gov/Media/Y2022/PSA220208
* CISA: Walk This Way to Enable MFA (05 May 22) - https://www.cisa.gov/blog/2022/05/05/walk-way-enable-mfa
* CISA Director Jen Easterly tweeting about #MFAMay and #MoreThanAPassword (05 May 22)
* The Kelihos botnet campaign aimed at Apple iCloud accounts was mentioned. Here’s a 2014 blog post from Symantec and a summary from the BBC - https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7273883f-edd4-46c6-a723-ab83ea0b8264&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments
* Andy mentioned another advocate for people and communities he’s a fan of. Learn more about Matt Mitchell in The Gate 15 Interview: Matt Mitchell, a Champion for Security and Privacy (26 Apr 21)
* Andy took the opportunity to put in a plug for the upcoming InfraGardNCR Cyber Camp (scheduled for 18-22 July!)
* And Leigh and Andy gave some unsolicited promotions for 1Password, and Leigh also offered BitWarden as great options for password managers. Leigh also suggested reviewing the Consumer Reports and New York Times’ Wirecutter for reliable reviews
1 hr 11 min
May 18, 2022
Nerd Out Security Panel Discussion: EP 25. Buffalo and the Journey into Hate.
In the latest Nerd Out podcast, Dave is joined by Bridget Johnson to talk about the hostile event at the Tops Supermarket in Buffalo, New York. Looking at the attack through the lens of Gate 15's Hostile Events Attack Cycle (HEAC), Dave and Bridget talked about all the planning and preparedness that went into the attack as documented by the attacker's manifesto. Bridget spoke at length about the way the attacker outlined his beliefs while showcasing his admiration and reverence for previous attackers, especially the 2019 New Zealand mosque attacker. They wrapped up the pod with some thoughts for organizations to consider and how the lessons learned and behaviors identified can be applied to any location and organization. Bridget wrapped up with some strong words that this manifesto is dangerous and deliberately speaks to a vulnerable group who may seek inspiration in their own lives. In addition, it represents a journey into hate that organizations need to be mindful of. Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
May 12, 2022
The Cybersecurity Evangelist: Episode 19 - TCE Evangelizes a Few ICS Security Thingz
This month, Jen tries to put the “evangelize” in The Cybersecurity Evangelist by spreading the word on some great work in the ICS cybersecurity community. Resources evangelized in this episode:
* @BEERISAC OT/ICS Security Podcast Playlist https://podcasts.apple.com/us/podcast/beerisac-ot-ics-security-podcast-playlist/id1459741251
* Consequence-driven Cyber-informed Engineering (CCE) https://inl.gov/cce/
* ICS4ICS https://gca.isa.org/ics4ics
* Top 20 Secure PLC Coding Practices https://www.plc-security.com/index.html
May 3, 2022
The Risk Roundtable EP 29: Reports, and Innovation.
In the latest episode of the Risk Roundtable, in a nod to Jen, the team goes full nerd about a series of new cybersecurity products and reports. Starting off with CISA's Known Exploited Vulnerabilities Catalog, Jen can barely contain her excitement about the importance of the report while also addressing the challenges organizations face. Dave, clearly out of his element, tries to counter with his own report - Sophos' The State of Ransomware 2022 report that reminded everyone ransomware is still alive and well....and thriving. Shifting to the roulette round, Dave assumes control, albeit briefly, while Jen and Andy talk about various innovative methods organizations can take to strengthen their internal programs and processes. The roundtable wrapped up with some lighter topics during Andy's three questions that were perfect for the time of year. Some of the links discussed in the pod include: Sophos: The State of Ransomware 2022: https://news.sophos.com/en-us/2022/04/27/the-state-of-ra…
Apr 24, 2022
The Gate 15 Interview EP 22. Ben Taylor, on Cannabis ISAO, cannabis industry security, cybersecurity, rescue dogs and more!
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Ben Taylor, Executive Director for the Cannabis ISAO. Ben Taylor is the Executive Director of the Cannabis-ISAO. Ben also serves as a Risk Analyst to several Information Sharing & Analysis Centers and has previous security and operations experience as an Army Officer as well as working through the Department of Homeland Security’s (then) Office of Infrastructure Protection (now part of the Cybersecurity and Infrastructure Security Agency [CISA]). Ben has also spent several years in marketing and partner development roles within the tourism industry, to include working to promote Cannabis tourism in Oakland, California. To learn more about Cannabis ISAO, visit the Cannabis ISAO website, or on Twitter: @CannabisISAO and LinkedIn. In the discussion we address:
* Ben’s background and the work he’s doing with Cannabis-ISAO today
* Some background on the development of Information Sharing and Analysis Center…
Apr 21, 2022
Nerd Out Security Panel Discussion: EP24. NYC, Sweden and More.
There was no shortage of topics for the Nerd Out gang to get into this month as Dave, Bridget and Joe dug into recent events. Starting off with some follow ups to hurricane predictions, outdoor festivals, and Piers Morgan (is it marketing or misinformation), the team batted around some of the challenges with these areas and some recent publications that can help teams plan for moving forward. Then the nerds really got into some great discussions around monitoring and situational awareness around recent incidents in NYC (subway shooting) and Ohio (arrest of security guard), as well as the escalated protests around the Quran burning in Sweden and if organizations need to think about copy-cats or a revival of protests and demonstrations this coming summer. Wrapping up with an attempt to be fun, the gang just showed how big of nerds they are yet still managed to give some suggestions for light-hearted shows or materials. Discussed on the pod: Conspiracy Theories: https://www.npr.or…
Apr 10, 2022
The Cybersecurity Evangelist: Ep 18 – Space Systems are Critical Infrastructure for Critical Infrastructure
A chat with Erin Miller, Executive Director of Space ISAC, from the 37th Space Symposium
Have you ever thought about just how much reliance there is on space systems and how satellites – tons of them – are actually flying computers with IP addresses? In an episode that is out of this world, the Gate 15 Podcast Channel welcomes back a very special guest – Erin Miller, Executive Director of Space ISAC on the 18th episode of The Cybersecurity Evangelist – to talk about all that and more from the 37th Space Symposium at The Broadmoor in Colorado Springs. From an event that Erin called, “bigger than Disneyland,” we talked about the importance of securing space systems, the pivotal role that Space ISAC is playing to increase the cybersecurity posture for the global space community, and the general passion for cybersecurity among attendees and speakers at the symposium. Resources mentioned in this episode:
* Space ISAC
* 37th Space Symposium
* Dr. Stacey Dixon (LinkedIn)…
Apr 4, 2022
The Risk Roundtable EP 28: Dave's McLaughlin Group Impression.
Little did Andy know when he let Dave take the controls that he would turn it into a mini-McLaughlin Group (those in the DMV know). In this format Andy and Jen talked about four key questions around Ukraine while Dave attempted to moderate. This discussion dove deep into concerns around the current conflict in the Ukraine, Russian capabilities and organizational defenses, as well as key areas for organizations to remain mindful of! The group landed with a dud when a pop star question fell flat, but Jen quickly picked up and talked about her recent conference attendance and meeting some power people (hi CISA Jen!). The group wrapped up with some reminders and quick hits before heading into Andy's final 3 questions. Some of the references mentioned in the pod include: https://criticalinfrastructuredefense.org/ https://www.cisa.gov/shields-up https://www.cisa.gov/uscert/shields-technical-guidance https://www.cyberscoop.com/ukraine-russia-us-cybersecurity-companies/ https://www.cisa.…
Mar 29, 2022
Nerd Out Security Panel Discussion: EP23. Ukraine, Outdoor Events and the gang!
The gang is back together as Bridget Johnson and Joe Levy join Dave on the podcast to catch up on what they've missed while turning their attention to Ukraine and outdoor events. Within Ukraine, the nerdites talked about the effects of the current conflict, TikTok and the evolving information wars to include disinformation and misinformation campaigns on all sides, and what some outcomes may be long term. The gang then turned to thoughts of warmer weather and the upcoming outdoor events and activities. Looking at it through a security lens, Bridget, Joe and Dave looked at some important considerations while also keeping focus on those other events leading up to the 2022 election season. Before wrapping up with some pointed security plugs, the team talked about hurricane predictions and outdoor events to look forward to. Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Office…
Mar 20, 2022
The Gate 15 Interview EP 21. Gary Warner on cyber forensics, information sharing, haikus, birdwatching and more!
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Gary Warner, Director of Research in Computer Forensics for the University of Alabama at Birmingham (UAB) and the Director of Threat Intelligence for DarkTower. From his LinkedIn bio, “Gary is the ‘Director of Research in Computer Forensics’ for the University of Alabama at Birmingham (UAB). In this role, which brings together the Computer Science and Criminal Justice departments, he is concentrating on research that will help law enforcement and other security professionals to identify, apprehend, prosecute and convict those who are committing cybercrime, and spread information to victims and potential victims about cybercrime issues. 90 analysts and programmers work in the UAB Computer Forensics Lab building tools and providing intelligence for a variety of clients around Cybercrime, Fraud, and Terrorism, as well as the Social Media aspects of more traditional crimes, including Gang Activity and Transnational…
1 hr 8 min
Mar 14, 2022
The Cybersecurity Evangelist: Ep 17 – Health-ISAC, the ISAC Most Likely to Appear on the Gate 15 Podcast Channel
This month, The Cybersecurity Evangelist chats with a couple of budding podcasters. For the third appearance on the Gate 15 Podcast Channel, the Health Information Sharing and Analysis Center (H-ISAC) joins me for episode 17. I got to put my ISAC analyst hat on and talk with the heart of Health-ISAC – the dynamic duo of Zach Nelson (Threat Operations Center Manager) and Joshua Justice (Senior Cyber Threat Intelligence Analyst) from the Threat Operations Center about what drives Health-ISAC and the goals of the Threat Operations Center – the privacy and security of our protected health information (PHI) and why threat actors want that information – _yours and mine_! We also talked a little about cross-sector collaboration, especially between the ISACs, and rounded it out with a general reminder for all to be #BeCyberSmart about phishing themes leveraging the Russia-Ukraine conflict. Resources mentioned in this episode
* Health-ISAC
* H-ISAC Events
* The Gate 15 Interview:…
Mar 7, 2022
The Risk Roundtable EP 27: Don't let bias guide your preparedness
In the latest Risk Roundtable, Andy, Jen, and Dave talk about the war in Ukraine and what it means for preparedness. Sometimes you just have to call a spade a spade and not allow personal, political or other bias to affect your organization’s analysis or preparedness. While Andy and Dave throw flags on their previous predictions, Jen brings us back to reality and talks about being aware, being prepared, and reminds “don’t panic.” Andy then drills down on bias and how it can have an impact on organizations. During the Roulette Round, Jen talked about CISA’s Known Exploited Vulnerabilities Catalog, vulnerabilities, and patching (while Dave ensured it wasn’t his Windows 2000 computer exposure that Jen was referring to…), then Dave brought up the importance of disaster preparedness in light of spring and summer severe weather events. Andy wrapped things up with a quick talk about the “People’s Convoy” and the battle of the Washington, D.C. Beltway! The pod wraps up wit…
Feb 28, 2022
The Cybersecurity Evangelist: Ep 16 - Everybody Loves Love (PSA on Romance Scams)
Why Scammers Love Love Too! On Episode 16, The Cybersecurity Evangelist talks about love! Well, more specifically romance scams. I talked about the social engineering component of romance scams, a few fraud reports and financial losses due to romance scams, red flags that could indicate someone you know is caught in a romance scam, some common and practical steps to defeating romance and other types of social engineering based scams, and the importance of reporting romance scams. No matter how painful, falling for a romance scam is nothing to be ashamed of. Romance scams can happen to anyone at any age. Resources mentioned in this episode: * The Gate 15 SUN https://paper.li/gate15#/ (subscribe!!) * FTC https://www.consumer.ftc.gov/ & ReportFraud.FTC https://reportfraud.ftc.gov/#/ * Stop. Think. Connect. https://stopthinkconnect.org/ * Stay Safe Online (National Cybersecurity Alliance) https://staysafeonline.org/ * Cybercrime Support Network (CSN) https://cybercrimesupport.o…
1 hr 5 min
Feb 20, 2022
The Gate 15 Interview EP20. Joseph Marks and Cybersecurity 202!
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Joseph Marks, Washington Post reporter for The Cybersecurity 202. From his Washington Post bio, “Joe Marks writes The Cybersecurity 202 newsletter focused on the policy and politics of cybersecurity. Before joining The Washington Post, Marks covered cybersecurity for Politico and Nextgov, a news site focused on government technology and security. He also covered patent and copyright trends for Bloomberg BNA and federal litigation for Law360. Marks began his career at Midwestern newspapers covering city and county governments, crime, fires and features. He spent two years at the Grand Forks Herald in North Dakota and is originally from Iowa City.” Joe on Twitter, @Joseph_Marks_. Joe on LinkedIn. Subscribe to The Cybersecurity 202. In the discussion we address: * Joe’s background and the work he’s doing today at the Washington Post * Joe’s perspective on “inside the beltway” cybersecurity * The Cyberse…
Feb 7, 2022
Nerd Out Security Panel Discussion: EP22. Taking your Questions!
Dave goes solo again to handle some common questions he faces, but only after sharing some of his thoughts on the Olympics and his favorite t.v. shows. Then, getting down to business, Dave talked about three questions - starting your security plan (now), getting into the business (be flexible and get your foot in the door), and the security shortage (invest in your people). Security is a challenge but it's even harder when you put it off time and time again - get started and refine and improve. Dave then gets on his soapbox and tells others to get off his yard when talking about getting into the business, while telling organizations to stop complaining about the lack of talent and instead invest in their own to build a strong workforce. Along the way, Dave even said a nice thing about Andy.
Feb 2, 2022
The Risk Roundtable EP 26: Making the Quantum Leap!
In the first Risk Roundtable of 2022 - the gang is finally back in the same country again to talk about the latest security issues. Not that they went back in time, but harkening back to the Cold War, the roundtable talked about the current tensions between Ukraine and Russia. Highlighting the differences from that bygone era, Jen talked about the global reach that Russia has to target organizations well beyond the European Continent. Dave then expounded and reminded listeners of the importance of looking at capabilities and not focusing on a far off land. Then Jen gave Andy much credit for recognizing our hero Troy Hunt for all the great work that he, and other security professionals and teams who provide services for free or low costs, do. Before going into Andy's three questions Dave expounded a bit and talked about the Global Risk Report from the World Economic Forum. The gang ended on some fun talking about Valentine's Day, Quantum Leap, and Boba! Some links: Link to Ronnie video Ronni…
Jan 24, 2022
Nerd Out Security Panel Discussion: EP 21. Quarantine and Colleyville Attack
In the latest episode of Nerd Out, Dave starts off by talking about his recent quarantine experience in Costa Rica (21 days!) before welcoming in a panel to discuss the Colleyville, Texas synagogue attack. Bringing in Mayya Saab, Seth Ozer, and Ed Heyman, the panel went through the hostile event and looked at initial reactions, what can be learned from this situation, and some of the key takeaways. The team then stressed the importance of training in this situation, but also discussed several low cost options and ways to make their location more secure. Mayya Saab is the Executive Director of the Faith-Based Information Sharing and Analysis Organization (FB-ISAO); Seth Ozer is Senior Consultant with Woodstone Consulting, LLC; Ed Heyman is the co-chair of the FB-ISAO Organizational Residence Group.
1 hr 2 min
Jan 17, 2022
The Gate 15 Interview EP 19. Ronnie Tokazowski, Principal Threat Advisor at Cofense on Business Email Compromise (BEC), 419 scams, Indian food, and so much more!
Please enjoy this episode of The Gate 15 Interview podcast on Anchor, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts. In this episode of The Gate 15 Interview, Andy Jabbour speaks with Ronnie Tokazowski, Principal Threat Advisor at Cofense. Ronnie is a recognized expert cybersecurity researcher with success in reverse engineering both crimeware and Advanced Persistent Threat malware, including creation of decoders and indicators for detecting malicious attacks. When he’s not frustrating bad guys, Ronnie is an accidental YouTuber, likes cooking, spicy food, and memes. Ronnie on Twitter, @iHeartMalware. Ronnie’s YouTube channel: Ronnie Rants. In the discussion we address: * Ronnie’s background and the work he’s doing at Cofense * Business Email Compromise (BEC) * Voodoo (no, seriously…) * Ronnie’s hair and more! “(at Cofense), we try to go back to the human…” – Ronnie Tokazowski, durin…
1 hr 10 min
Jan 11, 2022
The Cybersecurity Evangelist: Ep 15 - Happy New Cyber Habits 2022!
This first TCE episode of 2022 (and first video - on Spotify) includes a few gentle and some not-so-gentle reminders on cybersecurity best practices and practices for better cyber hygiene. I start with a few cybersecurity controls for businesses to buckle down on this year, including identifying assets, vetting vulnerabilities, and pursuing more potent password policies. Then, I actually persist on the password point with some pontification about our predilection for problematic passwords and propose pointers for a more polished password posture. While there’s probably nothing new in this episode, I hope it serves as a gentle nudge to promote better cyber hygiene habits – not just resolutions for 2022, but positive habits to develop for all-time toward a more cyber secure you! I also evangelize for a new CISA resource - the Known Exploited Vulnerabilities Catalog. Other resource mentioned in this episode: https://www.consumer.ftc.gov/articles/password-checklist
Dec 27, 2021
The Gate 15 Interview EP 18. RILA Perspective on Organized Retail Crime, plus Mama’s Meatballs, Country Music and Jersey Rock n’ Roll
In this episode of The Gate 15 Interview, Andy Jabbour speaks with two leaders from the Retail Industry Leaders Association (RILA), Ms. Lisa LaBruno, RILA’s Senior Executive Vice President of Retail Operations, and Mr. Michael Hanson, RILA’s Senior Executive Vice President of Public Affairs. The RILA “is the U.S. trade association for leading retailers. RILA partners with leading retailers to meet the challenges of a dynamic economy. Through collaboration and thought leadership, we advance ideas that foster free markets, competition, economic growth, and sustainability.” RILA on Twitter, @RILATweeets. In the discussion we address: * The enduring threat of Organized Retail Crime (ORC) * Private sector activity relating to ORC * Private-public partnership and legislative action on ORC * RILA’s focus for 2022 * Country music, meatballs, Springsteen, and more!…
1 hr 3 min
Dec 20, 2021
Nerd Out Security Panel Discussion: EP 20. Retail crime and the year it was!
The last Nerd Out episode of the season comes out strong talking about retail crime as Bridget shared stories of her busting out shoplifting trends, and then talking about the larger security issues at play (specifically overwhelming security) with the latest smash and grab incidents during the holidays. Joe then talked about the ways that these types of issues could spread to other sectors and encouraged organizations to evaluate their processes and training. The nerds then turned the clock back to look at some of the takeaways from 2021 while looking ahead to 2022 to see what organizations can start planning for. And for all the areas that were covered, there were so many more highlighting the continued challenge that organizations face. Wrapping up the year on a fun note, the merry band of nerds talked about their favorite holiday movie. Can you guess them all? It's been quite a year for the Nerd Out podcast and we want to wish you all safe holidays, and we are looking forwar…
Dec 7, 2021
The Risk Roundtable: EP 25. Holiday scams, reporting and year end fun!
In the latest episode of the Risk Roundtable, Andy leads the team through a review of the latest risks facing individuals and organizations. Jen decked the halls talking about the latest holiday scams that continue to bring coal to good boys and girls. Then Dave talked about the latest school shooting in Michigan and tried not to be a Scrooge by talking about some positive take-aways while highlighting important lessons still to be learned in Christmas future. Then, while Dave danced to spinning the wheel in his head, the roundtable talked about their favorite moments from across the Gate 15 Podcast Channel, after all, we are living in a physical world (Jen). The podcast wrapped up with some holiday cheer talking about favorite television or movies for the season. From all of us at Gate 15, to all of the security teams and organizations around the world, here is hoping for happy holidays and a wonderful 2022! Companies Linked to Russian Ransomware Hide in Plain Sight. Cybersecurity e…
Nov 21, 2021
The Gate 15 Interview EP 17. Bob Kolasky talks critical infrastructure, risk, Guns N’ Roses and pizza
In this episode of The Gate 15 Interview, Andy Jabbour talks with Robert (Bob) Kolasky, Cybersecurity and Infrastructure Security Agency’s (CISA) Assistant Director, leading the National Risk Management Center (NRMC) since 2018. At the NRMC, Bob “oversees the Center’s efforts to facilitate a strategic, cross-sector risk management approach to cyber and physical threats to critical infrastructure. The Center provides a central venue for government and industry to combine their knowledge and capabilities in a uniquely collaborative and forward-looking environment. Center activities support both operational and strategic unified risk management efforts.” Bob’s complete DHS bio (https://www.cisa.gov/bob-kolasky). Bob on LinkedIn (https://www.linkedin.com/in/bob-kolasky-92ab554/). Bob on Twitter, @BobKolasky. In the discussion we address: • Bob’s background • The CISA National Risk Management Center • Election security and election integrity • DHS’s role in 5G risk m…
Nov 16, 2021
Nerd Out Security Panel Discussion: EP 19. Talking Crowd Control and the Holidays - in 2 Parts!
The latest episode of Nerd Out is a very special two-parter. In the first part, the nerdies (Bridget and Joe) talk about the fallout from the Houston Astropark disaster, ranging from the considerations that go into the event planning to whether there should be a blame game. And then they look at how threat actors may use this event for future threat planning (note the Hostile Events Attack Cycle) before turning their attention to the latest National Terrorism Advisory System Bulletin release and what it could mean for the holidays. In part two, Dave welcomes in Tamara Herold and goes a little deeper into the Houston incident and what it could mean for events moving forward. Some references brought up in the podcast: Example of Crowd wave: https://www.youtube.com/watch?v=BgpdmAtbhbE Crowd Dynamics: https://www.youtube.com/watch?v=kmqsc7srIfY and https://www.youtube.com/watch?v=Txrs4ssiAz0 Roger Federer saves kid: https://www.youtube.com/watch?v=RymfiBXKuMQ 2018 Concert in It…
Nov 1, 2021
The Risk Roundtable: EP 24. Are you Living in the Physical World?
In the latest Risk Roundtable, Andy, Dave and Jen ponder whether or not we live in the physical world or if a little time off took Jen to a whole new dimension. Kicking off with another acronym soup month, the team looks at Critical Infrastructure Security and Resilience Month and the downstream impacts that can affect organizations who fail to incorporate critical infrastructure into their preparedness plans. Then the roundtable talked about the recent warning of terrorist capabilities to strike the U.S. as well as whether organizations are better prepared today to address a crisis than they were pre-COVID. In the process, the team came up with a new term - "Preparedness Calculus" - and whether organizations are evaluating events and factoring that into their preparedness process. The discussions wrapped up with Andy's three questions involving some favorite fall themes - warm clothing, turkey, and the Lions losing. But before signing off, Dave had to talk about his enjoyment for Dun…
Oct 24, 2021
The Gate 15 Interview EP 16. Erin Miller, Executive Director, Space ISAC. Securing Space Infrastructure (and terrestrial critical infrastructure too!)
In this episode of The Gate 15 Interview, Andy Jabbour talks with Erin Miller, Executive Director for Space ISAC (https://s-isac.org). “The Space ISAC serves to facilitate collaboration across the global space industry to enhance our ability to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for the sector with respect to this information.” Erin on Twitter (@erinmarmiller). Erin on LinkedIn (@erinmarlenemiller). In the discussion we address: * Erin’s background * Space ISAC, now and into the future * Blockchain in space * Threats, risks and working with the community to secure space infrastructure * Erin weighs in on important issues, including the great Pluto debate (!), and more in our three questions segment * And more! Please enjoy this episode of The Gate 15 Interview podcast on Anchor, Spotify, Apple, Google, as w…
Oct 18, 2021
Nerd Out Security Panel Discussion: EP 18. Dave Solo?! Talking Recent Events and Preparedness
In the most recent episode of Nerd Out, and as accurately described by Ron Burgundy, it could be a horrible news story, but Dave goes solo to talk about the recent events. These include the Norway Bow and Arrow attack, the murder of a British Member of Parliament, and two of the more recent insider threat attacks and how organizations can learn from these events and improve their security posture. Dave then goes a little pop culture to talk about his three favorite security movies and shows. He also uses these references to talk about how organizations can build and nurture their own intelligence analysts and the value they can bring to an organization. Rough transitions and some help from Ron Burgundy and Syndrome aside, the panel will return next month as they look ahead to what should be a busy holiday season.
Oct 14, 2021
The Cybersecurity Evangelist_Ep14_Cybersecurity Awareness Month 2021
The Cybersecurity Evangelist "evangelizes" Cybersecurity Awareness Month 2021. Cybersecurity Awareness Month is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. For more information about ways to keep you and your family safe online visit https://staysafeonline.org/cybersecurity-awareness-month/ and cisa.gov/ncsam. Other resources mentioned during this episode: * https://www.cisa.gov/cyber-essentials * https://www.ic3.gov/ * https://www.sans.org/tip-of-the-day?msc=main-nav * https://cybercrimesupport.org/ * https://fightcybercrime.org/ * https://gate15.global/cybersecurity-awareness-month-2021-tips-from-the-pros/
Oct 4, 2021
The Risk Roundtable: EP 23. CAM, Disgruntled Employees, and Scott Bakula
The latest episode of the Risk Roundtable gets the group going in all sorts of directions ranging from an opening related to COVID fatigue, Cybersecurity Awareness Month, and disgruntled employees. After deliberating whether they need a new roulette round music selection (Dave volunteered to sing it), the group sang the praises of new CISA chief Jen Easterly and the way she has been out front on all of the latest security issues, as well as sharing some of our favorite security Twitter feeds, as well as hitting on the importance of Patching (check out Jen's latest Cybersecurity Evangelist Pod for more details). The group wrapped up with Andy's three questions to address Super Bowl projections, Halloween, and what show we would want to reboot - hello Quantum Leap! Some of the reports and postings referenced in the podcast include: CISA and Krebs: https://gate15.global/cybersecurity-infrastructure-security-time-to-make-this-happen/ Cybersecurity Awareness Month - Tips from the Pros: http…
Sep 27, 2021
Nerd Out Security Panel Discussion: EP 17. Lessons of the past to prepare the future
In the latest edition of Nerd Out, Dave is joined by nerdette Bridget Johnson, and nerd Joe Levy to take stock of what did and did not happen at the recent Justice for January 6th event in Washington D.C. and the preparedness lessons learned. Equally important is how venues could use those lessons to plan for the future. The team also looked at some of the root causes for the low attendance and why there may be a larger cause for concern. The merry band of nerds and nerdettes went through some fall-inspired quick hits all the while giving due credit to CISA for their bevy of resources to include the latest series: De-Escalation Series for Critical Infrastructure Owners and Operators (www.cisa.gov/publication/de-escalation-series). Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; email: email@example.com Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Office…
Sep 19, 2021
The Gate 15 Interview EP 15. Mark Arena, Intel 471, Cyber Intelligence Expert and CEO, Intel 471
In this episode of The Gate 15 Interview, Andy Jabbour talks with Mark Arena, CEO, Intel 471. In the discussion we address: * Mark’s background * Intel 471 * Cyber threats * Future threats * And more! “It all goes down to password reuse… enforce two-factor authentication on everything…” – Mark Arena Mark on Twitter: @markarenaau. Mark on LinkedIn. https://www.linkedin.com/in/mark-arena-36a86516/ Intel471 on Twitter: @Intel471Inc. Intel471 on LinkedIn. https://www.linkedin.com/company/intel-471/ A few references mentioned in or relevant to our discussion include: * Intel 471: https://intel471.com * Intel 471’s Cyber Underground General Intelligence Requirements Handbook. https://intel471.com/resources/cu-girh-download-request * Upcoming Intel 471 video podcast! Intel 471 CTI experts will examine recent developments in the cyber underground through the lens of the media & telecommunications sector. Check it out: 28 Sep 2021, 11am (see registration link for time zone op…
Sep 15, 2021
TCE EP13 - Prattling on About Patching on this Podcast Party of One
Your favorite cybersecurity evangelist waxes solo and prattles on about patching in this no frills episode of TCE.
Sep 6, 2021
The Risk Roundtable: EP 22. Acronym Soup
Security awareness months kick into high gear and the Risk Roundtable crew gives their thoughts on the various ones (NPM, NITAM, NCAM, XYZPDQ...) and the heart of each one - Preparedness and Awareness! The group then talks about some of the ongoing protest activities and looks ahead to some upcoming events including the "Justice for J6" event. Continuing the preparedness theme, and switching to the Roulette Round, the roundtable turned to everyone's favorite security researcher - Troy Hunt and him living his best life while making everyone aware of their risks as well as a lively debate on passwords. Toss in some comments about weather preparedness and whatever Andy wanted to go off on and the group wrapped up with some fun (even questionable) questions. Still not sure why everyone shudders at green holidays. Some of the references from the discussion: National Preparedness Month | Ready.gov: https://www.ready.gov/september National Insider Threat Awareness Month: https://www.odni.…
Aug 22, 2021
The Gate 15 Interview EP 14. Amanda Mason, Vice President, Intelligence, Related Companies, discusses security, info sharing, terrorism, extremism, 9/11, and more.
In this episode of The Gate 15 Interview, Andy Jabbour talks with Amanda Mason, Vice President, Intelligence, Related Companies. “Our passion for urban life could not be any stronger. We are committed to moving our communities forward and enriching people’s lives.” - Stephen M. Ross, Chairman & Founder. Amanda on LinkedIn. In the discussion we address: * Amanda’s background * Amanda’s current responsibilities at Related Companies * COVID and safe and secure operations and reopening * The recent National Terrorism Advisory System Bulletin, Afghanistan and associated concerns * Terrorism, extremism, and the upcoming 20th anniversary of the 9/11 attacks * And more! Please enjoy this episode of The Gate 15 Interview podcast on Anchor, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts. “We can’t necessarily predict, but we can prepare.” A few references mentioned in or relevant…
Aug 17, 2021
Nerd Out Security Panel Discussion: EP 16. Terrorism, NTAS, Misinformation, COVID, and the end credits!
After a busy couple of weeks, the merry band of Nerdies gathered to discuss the latest news on the terrorism and extremist front and how misinformation has shaped so much of these advances. The group started with Bridget’s reporting of a new Al Qaeda message, which was followed with press reports of extremist chatter and then the National Terrorism Alert System Bulletin. These all gave the group an opportunity to talk to the risks to various locations, especially venues and the Commercial Facilities Sector. Next, the group transitioned to misinformation and how integral it was to both terrorist groups as well as domestic violent extremism. COVID dominated the last part of the discussion with Bridget sharing her personal story and loss before the group went through a rapid fire set of questions! But just like our favorite band of super-heroes, stay for the end credits and you might hear about killer mosquitos. Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; ema…
Aug 3, 2021
The Risk Roundtable: EP 22. Who's the Nerd Now?
The discussions were lively on the latest edition of the Risk Roundtable as Jen showed off her inner nerd! With Andy nursing an injury, Dave and Jen took off on topics ranging from the latest White House memos on improving critical infrastructure to the troubling trends on COVID and what it all means for businesses and organizations. In the roulette round (Dave is on a 2 pod winning streak with the theme music) the roundtable talked about some all-hazards and preparedness for the upcoming religious holidays before Jen "nerded out" on various reports on new CVEs and displayed a very nerdy t-shirt to boot! Andy got his strength back for his three questions where Dave revealed his disgust over some veggies and lack of love for a historic band! Some of the links mentioned in the podcast included: * National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems: https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-securit…
Jul 26, 2021
The Gate 15 Interview EP 13. Peter Ashwin - Risk and Security Expert, and Original International MoM
In this episode of The Gate 15 Interview, Andy Jabbour talks with Peter Ashwin, the principal and founder of Event Risk Management Solutions (ERMS), a consulting practice committed to enabling event organizers to meet the challenges of today’s volatile and uncertain world. Peter is recognized as an innovative industry leader for the design and implementation of event security and risk management solutions to support event organizing committees and their public and private security partners deliver safe and secure, world class event experiences within complex, multi-agency environments. He is a former Australian Army special forces officer who now calls Montreal home. Peter on LinkedIn. In the discussion we address: * Peter’s background * The Olympics and major event security and risk management * The current threat and risk landscape * Event and venue security and best practices * And more!
Jul 20, 2021
Nerd Out Security Panel Discussion: EP 15. Let’s talk about Health!
In the latest episode of Nerd Out, Dave is joined by everyone’s favorite Crimson Tide enthusiast - Jon Crosson. Jon is the Director of Critical Infrastructure – Vital Services for Gate 15. Jon currently supports the Health Information Sharing and Analysis Center (H-ISAC) as the Director, Special Interest Group Services. H-ISAC is a non-profit organization that is dedicated to protecting the healthcare and public health sector from physical and cyber attacks and incidents through dissemination of trusted and timely information. In the episode, Jon looks at the current security threats facing the health sector and healthcare organizations to include the impact that COVID has had, as well as the battle against mis/disinformation. Dave and Jon then look back at some of Jon's background and how he got in position to be a trusted partner in the community. And finally, turning to one of Jon's true loves, Dave and Jon talk about the upcoming college football season and the outlet for the Cr…
Jul 13, 2021
The Cybersecurity Evangelist: EP 12 – Cyber isn’t Scary, it’s Necessary
On episode 12 of The Cybersecurity Evangelist (TCE) podcast, I chat with a couple of Baby Boomers with varied perspectives of cybersecurity as I take TCE back to its roots – as the cybersecurity podcast for everyone. Ed Heyman (@El_Grillo1) and a mystery guest join me to talk about “The Great Bewilderment.” We also discuss why boomers are the generation most likely to take privacy and security seriously, and what bare minimum level of cyber awareness everyone should maintain. Resources mentioned in this episode (along with other relevant posts not mentioned): * The Social Dilemma – The technology that connects us also controls us. (Netflix original film) * Survey finds massive gap in awareness of cyberattacks (Summary of survey by Armis, published on ZDNet) * Protecting a New Vulnerable Population on the Internet (@Bob Covello – Tripwire) * Protecting the New Most Vulnerable Population – The Grandparent Scam (@Bob Covello – Tripwire) * Protecting the New Most Vulnerab…
Jul 7, 2021
The Risk Roundtable: EP 21. Ransomware and Terrorism - they never seem to go away.
The Risk Roundtable crew gathers after a long weekend and talks about the latest ransomware and terrorism news, not to mention the discussion about the government's decision to release classified information.
Jul 6, 2021
Nerd Out Security Panel Discussion: EP 14. Reports Galore!
In the latest episode of Nerd Out, Dave is joined by some old friends, Joe and Bridget, while they welcome in Amanda Mason to the panel where they discuss the latest series of reports from the FBI, the U.S. Senate, and from across the pond and the Manchester Arena bombing inquiry. They discuss the value of these types of reports, and the lessons that can be learned from the observations. Amanda then shares some of the insight from the January 6th incident from a first-hand view of the situation as it unfolded. After going through the reports and calling out some of the challenges highlighted, the panel goes through a rapid fire session with questions ranging from security trends, ransomware (sorry Jen), and what the panel is reading or watching. The reports discussed include: * Active Shooter Incidents 20-Year Review, 2000-2019 * Examining the U.S. Capitol Attack: A Review of the Security, Planning, and Response Failures of January 6 * Manchester Arena Inquiry Dave Pounder is a Senior R…
1 hr 1 min
Jul 6, 2021
The Risk Roundtable: EP 20. The latest security news delivered without remorse.
The Risk Roundtable crew jumps into summer with a new episode focused on some of the latest security news. Kicking off the episode, the team looks at the latest FBI report on Active Shooters (Active Shooter Incidents 20-Year Review, 2000-2019) and how organizations can integrate this information into their security planning and preparedness. Then they switch over to talk about a threat that grows stronger each month - Ransomware. Jen breaks down the latest ransomware activity and reminds organizations to not go at it alone! Then while Dave is dancing on mute, the risk roulette goes into some topics about opting out of some services that may feel forced, and the upcoming summer season (Fourth of July) and the security precautions organizations need to remember when planning events. Andy then wraps up the episode sharing how much he loved a certain movie that was Dave's favorite book of all time. Dave might have had something....or three minutes....to say something about it. Some refere…
Jun 15, 2021
The Cybersecurity Evangelist: EP 11 – The ISAC Series – Tribal-ISAC
My final ISAC segment for TCE was a great discussion with two Steering Committee Members from Tribal-ISAC. Bill Travitz – Director, Office of Information Technology, Eastern Band of Cherokee Indians, and Lee Edberg - IT Cybersecurity Manager for Mystic Lake Casino Hotel, Shakopee Mdewakanton Sioux Community. The overall theme of this episode, and the ISAC series in general - We are stronger together! As Lee said, there is invaluable power in numbers with more tribes fighting the threat landscape together; get involved, get to a meeting, and contribute! Similarly for Bill, it’s about being a good neighbor, and that is a value that tribes already have! We all learn from one another. Tribal-ISAC is open to membership for Native American and Alaskan Native tribal government, operations, and enterprises. Resources discussed in this episode: * TribalHub * TribalNet Conference * Tribal ISAC * MS-ISAC (Multi-State Information Sharing & Analysis Center)
May 24, 2021
The Gate 15 Interview EP 12. Bryan Ware: Analytics Geek, Emerging Technologies Expert
In this episode of The Gate 15 Interview, Andy Jabbour talks with Bryan Ware, founder and CEO of Next5 (next5.co), a technology-focused business intelligence and strategic advisory firm. In addition to being a successful entrepreneur, Bryan is a self-described “analytics geek” and emerging technologies expert. He has formerly served as the CEO at Haystax Technology and more recently served at DHS Cybersecurity and Infrastructure Security Agency (CISA) as the Assistant Director for the Cybersecurity Division. Bryan on Twitter (@bsware). Bryan on LinkedIn. In the discussion we address: • Bryan’s background and his experience in the private sector and at DHS’s Cybersecurity and Infrastructure Security Agency (CISA) • His new project, Next5 • Critical and emerging technology and associated concerns • Geopolitical and other security challenges • Find out what Bryan means when he says “I believe in Liquid Diplomacy?” • Hear his call to service • And more! “I’m most passionate about the cri…
May 18, 2021
Nerd Out Security Panel Discussion: EP 13. Cannabis ISAO!
In the latest episode of Nerd Out, Dave welcomes in Ben Taylor, Executive Director of the Cannabis Information Sharing and Analysis Organization (ISAO). Their conversation looked at the evolution of the industry and the needs that an ISAO can provide to help those in the ever-growing Cannabis industry look at threats and develop strategies to protect their customers and organizations. Ben talked through the announcement of the ISAO and the next steps including offerings on their website and social media platforms. Dave and Ben also looked at the challenges that ISAOs face in getting attention and gaining members, but highlighted the value that they bring and the value of information sharing to the overall strength of the industry. To learn more about Cannabis ISAO, visit their website: https://cannabisisao.org or check out their social media accounts. Twitter: @CannabisISAO and LinkedIn: @CannabisISAO Ben Taylor is the Executive Director of the Cannabis-ISAO. Ben also serves as a Ris…
May 11, 2021
The Cybersecurity Evangelist: EP 10 – The ISAC Series, REN-ISAC (Part 2)
TCE continues the chat with REN-ISAC’s Krysten Stevens and Brett Zupan. On this episode: * We emphasize the importance of relationship building among higher ed and relevant community resources. * Discuss the wide and varied landscape of higher ed and research community. * We jump up on our soapboxes about how cyber is a cost of doing business, and not “if” but “when” you become a cyber attack victim. * We chat REN-ISAC services, such as Security Event System (SES), Peer Assessment Service, and Workshops (again). * Krysten brilliantly reminds us of the “trust community” that the ISACs represent. * Brett sucks up to Krysten with a nod to the technical operations team; and of course, Krysten couldn’t help but brag on her team too! As it should be. ;-) * Brett rounds out our discussion with a masterful shout out to the NCI (National Council of ISACs). REN-ISAC Resources discussed on this episode: Peer Assessment Service - https://www.ren-isac.net/public-re…
May 4, 2021
The Risk Roundtable: EP 19. What becomes of the miscreants?
A year ago, as the pandemic had taken hold around the world, there was a lot of confusion and uncertainty. And while threats were equally as susceptible to COVID, they ultimately rose to exploit the situation. Now that vaccines are being distributed and the world is slowly reopening, does this change the threat environment? The Risk Roundtable crew discusses this potential, as well as other security matters that individuals and organizations should be on guard for moving into the summer months. Then after the risk roulette discussion, complete with music (thanks Dave), Andy leads the gang in a "get to know you" series of questions. Scams: https://www.ftc.gov/coronavirus/scams-consumer-advice Combatting Ransomware: https://securityandtechnology.org/ransomwaretaskforce/report/
Apr 26, 2021
The Gate 15 Interview EP 11. Matt Mitchell, a Champion for Security and Privacy
In this episode of The Gate 15 Interview, Andy Jabbour talks with Matt Mitchell, “a hacker and Tech Fellow at The Ford Foundation. Matt is working with the BUILD and Technology and Society teams at Ford Foundation to develop digital security strategy, technical assistance offerings, and safety and security measures for the foundation’s grantee partners. Matt was recently named by WIRED magazine as one of the 25 ‘innovators who are using technology to lead society through this period of global uncertainty and pointing the way to a safer future.’ called the WIRED25.” In 2017, Matt was listed by VICE's MOTHERBOARD as a HUMAN OF THE YEAR, for his work protecting marginalized communities from surveillance. Read more about Matt in this Medium post. Photo by Nick Lee, via Medium. Matt on Twitter. Matt on LinkedIn. In the discussion we address: • Matt’s background • Current projects • Privacy as a right • Privacy as security • And more! “Backdoors… they don’t work…
Apr 19, 2021
Nerd Out Security Panel Discussion: EP 12. High Stress and U....2.
This month the panel is a party of one - Rob Yandow joins again to talk with Dave about high stress situations and preparedness. This is especially relevant given the reopenings and the latest hostile event situations. Rob goes into detail about the physiology of fear, as well as how and why individuals respond to high stress situations the way they do. Using various examples, Rob hammers home the various stages in the survival arc - denial, deliberation, and decisive action. And most importantly, the podcast talks about the ways organizations can use this information to train and prepare to respond. Then Dave is joined by a special guest to talk about the greatest band ever. Rob Yandow is a security expert who is a former police officer and who works with the Faith-Based Information Sharing and Analysis Organization (FB-ISAO) and serves as the Co-Chair of their Business Resilience Group - website: https://faithbased-isao.org. Twitter: @RobYandow
1 hr 6 min
Apr 12, 2021
The Cybersecurity Evangelist: EP 9 – The ISAC Series, Part 5 – REN-ISAC
Despite the razzing I got from the guys (David Pounder - host of the NerdOut! Security Panel Discussion, and Andy Jabbour - host of The Gate 15 Interview) during the last Risk Roundtable, the TCE ISAC Series continues!!! This time, REN-ISAC (Research & Education Networks Information Sharing & Analysis Center) joins me. REN-ISAC serves the higher education and research community by promoting cybersecurity operational protections and response. For this episode, I enjoyed a fun and lively chat with Krysten Stevens, “new” Director of Technical Operations, and Brett Zupan, Risk Analyst and DC Liaison. We talked about threats facing the research and higher education community and bragged on Kim Milford’s (REN-ISAC’s Executive Director) amazing vision in 2019 to execute a series of workshops that had colleges, universities, and relevant community partners, such as state/local health departments and law enforcement working together through an infectious disease scenario – a scenario…
Apr 6, 2021
The Risk Roundtable: EP 18. Security / Analytical Bias.
The Risk Roundtable crew looked at the increasingly important idea of security bias and security blindness. The group specifically looked at how bias in analysis can lead to security blindness and the minimization and exaggeration of threats. Within the analytical community it is important to note how bias exists in virtually everything and the team discussed ways in which bias could exist from the analyst, but also by those that receive the data. Andy, Jen and Dave discussed some of the root causes and how this can lead to and continue a cycle of misinformation and disinformation if not handled correctly. In fact, the more divisive our politics become, the more biased our media, the more people – politicians, the media, foreign governments, and others - fan the flames of division, the more challenging the role of the analyst can become. In the end, bias is a discussion that is encouraged to be had by all organizations to ensure they are accurately representing the threat and risk to…
Mar 23, 2021
The Gate 15 Interview EP 10. James Whalen, Technology and Cybersecurity Leadership
In this episode of The Gate 15 Interview, Andy Jabbour talks with James Whalen, SVP, Chief Information & Technology Officer, Boston Properties. In this podcast we address: * Jim’s background * Changes in facilities; changes in security * Threats facing facilities and broader implications * Security and collaboration * And more! James Whalen: James Whalen serves as Senior Vice President, Chief Information & Technology Officer for Boston Properties where he is responsible for the direction and implementation of technology services and solutions. Prior to joining the Company in March 1998, he served as Vice President, Information Systems of Beacon Properties. He is a graduate of the University of Notre Dame and a recipient of the New York City Urban Fellowship. Mr. Whalen is a current trustee and past President of the Boston Chapter of the Society for Information Management (SIM) and serves on the Real Estate Cyber Consortium, Realcomm Advisory Council, Commercial Facilities…
Mar 16, 2021
Nerd Out Security Panel Discussion: EP 11. Reopenings, Protests, and the future of Conspiracy
In the latest episode of Nerd Out, Dave and his merry band of nerdies, Bridget, Travis, and Joe, look at the latest news around the reopening and what organizations need to be on guard for as crowd sizes and capacity limits will test the ongoing health pandemic. Then the group looks at the way threat actors may respond. Will it be a target of opportunity or will new security measures be disruptive enough? Next, the panel looked at recent protests, and the potential for future protests (did people really forget about May Day!) and what ways they may change in a reopened world. Finally, what is the future of conspiracy theories and the movements that were charged over the past several years? The group then lightened it up a bit and went through some lightning round questions and discovered that the Snyder Cut really isn't a thing because no one particularly cared for it in the first place to even know it was a thing. Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder;…
Mar 9, 2021
The Cybersecurity Evangelist: EP 8 – The ISAC Series, Part 4 - Faith-Based ISAO
TCE welcomes Faith-Based ISAO Executive Director, Mayya Saab on this episode. And no, this isn't the "FBI" ISAO... ;-) Listen in to find out what Mayya loves most about her role and her heart's desire in helping the entire community of faith be secure and resilient. Check out FB-ISAO at https://faithbased-isao.org/
Mar 2, 2021
The Risk Roundtable: EP 17. Oldsmar, Conspiracy Theories, and Arnold Shirts
In the latest episode of the Risk Roundtable, Andy, Jen, and Dave look at some recent events (Oldsmar) while looking ahead to upcoming events that may present risks (Qanon, the George Floyd murder trial, and upcoming religious holidays) but only after talking about Andy's taste in shirts. Then in the risk roulette, which Dave forgot again to find music for (or did he), Dave wonders whether weather preparedness is overhyped while Jen circles back to lessons learned from Solar Winds and the concept of "zero trust" - not in Andy and Dave but in terms of cybersecurity. The gang wraps up talking about some of their struggles and what they are watching. But that's not all - after the credits Dave may have redeemed himself with a new theme for the risk roulette. Some of the links from today's episode: YouTube: Treatment Plant Intrusion Press Conference, 08 Feb. WaterISAC: 15 Cybersecurity Fundamentals for Water and Wastewater Utilities Gate 15: Blended Threats: Did Florida’s Cyber Att…
Feb 22, 2021
The Gate 15 Interview EP 9. Mark Herrera on Venues, Safety, and Security in 2021
In this episode of The Gate 15 Interview, Andy Jabbour talks with Mark Herrera, Director of Education for the International Association of Venue Managers (IAVM; @IAVMWHQ). In this podcast we discuss a range of issues from the pandemic’s impact to venues, to security and preparedness with broad applicability to all organizations - from venues to places of worship, and across events and facilities of all types. We discuss a wide range of issues from the impacts of COVID on venues and events, and what lies ahead in 2021, ideas on enhancing security through conflict management and professionalism, and lot more. Mark talks about the importance of “programming the mind through mental preparation” noting that, “the body will go where the mind has been, if the mind hasn’t been there the body will not follow.” Mark is always full of great quotes. Some are shared below; listen to the conversation for more great insight and Herrera-isms! In the discussion we address: Mark’s backst…
Feb 15, 2021
Nerd Out Security Panel Discussion: EP 10. Singapore, Norway, Minnesota - what does it mean?
In the latest episode of Nerd Out, it was a five star day for Dave. First, you can hear him open up with his "Warrrrshington" versus President's Day poll (did you see what I did there), followed by the group getting into a discussion about behaviors and indicators of hostile events related to recent arrests and incidents in Singapore, Norway, and Minnesota, and the role that mental health plays in it. The team then looks at reporting such instances, before getting into the Florida Water breach and the ramifications as it highlights the various ways blended threats can have an impact to organizations. Unfortunately a real-time weather event prevented the group from getting into their lightning round (no pun intended considering the weather event), but not before Bridget was able to share her true feelings for a certain seven time Super Bowl winning quarterback. Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee.…
Feb 9, 2021
The Cybersecurity Evangelist: EP 7 - The ISAC Series, Part 3 - Real Estate ISAC
Dave "Quarter" Pounder, host of the famed NerdOut! Security Panel Discussion joins me on this episode of The Cybersecurity Evangelist. Dave and I talk about the Real Estate ISAC. And no, it's not just for real estate companies - although I may have dropped a hint in the opening commentary about TCE being a great sponsorship opportunity for Berkshire Hathaway/Warren Buffet... ;-) Wouldn't that be nice! Dave and I had fun talking about how RE-ISAC shares information about potential physical and cybersecurity threats and vulnerabilities to help protect commercial facilities and the people who use them. Visit https://www.reisac.org/ to learn more!
Feb 1, 2021
The Risk Roundtable: EP 16. Singapore, Emotet, and the Roulette.
After opening up about their love of Groundhog day, the holiday and movie, the Risk Roundtable gang gets into the meat of their security discussions around the latest arrest in Singapore (Hostile Events), upcoming significant events to factor into consideration, and the global takedown of Emotet (the malware, not a weird allusion to the Egyptian god). Then in the Risk Roulette, which Dave still does not have good music for, the group discusses whether there is anything to consider when looking at the Robin Hood / Wall Street Bets activity last week and the Capitol Hill riot, as well as the lingering effects of Solar Winds. The gang wraps it all up with some personal preferences before Andy tries to convince himself the Lions are still a football team. Some of the links referenced in the show include: EMOTET: https://www.justice.gov/opa/pr/emotet-botnet-disrupted-international-cyber-operation https://www.eurojust.europa.eu/worlds-most-dangerous-malware-emotet-disrupted-through-global-actio…
Jan 26, 2021
Nerd Out Security Panel Discussion: EP 9. Moving forward from Inauguration.
In the latest Nerd Out podcast, Bridget, Joe and Travis join Dave to discuss the continued fallout from the 06 January events at Capitol Hill and what it means post-Inauguration. Here's a hint, we still need to be prepared for domestic terror groups and how they may spin events for their benefit. The group then looks at what 06 January means from a security perspective moving forward and what lessons can be learned. Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: firstname.lastname@example.org; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Assistant Deputy Director, Critical Infrastructure Protection & Physical Security. Twitter: @dronin_on; email: email@example.com Bridget Johnson is the M…
Jan 25, 2021
The Gate 15 Interview EP 8. A discussion with Advanced Intelligence Chairman and CEO Vitali Kremez
In this episode of The Gate 15 Interview, Andy Jabbour talks with Vitali Kremez, the Chairman & CEO at Advanced Intelligence. In this podcast we discuss a lot of areas – from Vitali’s fascinating background, guitar playing, and journey to the United States, security issues, emerging and enduring threats and best practices, the evolving challenge of blended threats and convergence, and much, much more. A few relevant links to our podcast include: Advanced Intelligence Advanced Intelligence, Twitter: @IntelAdvanced VK Intel: Digital Forensics & Incident Response Twitter: @vk_dfir Bellingcat: Global Investigative Journalism Network The Citizen Lab AdvIntel & HYAS: Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders, 06 Jan 21. AdvIntel & Eclypsium: Persist, Brick, Profit -TrickBot Offers New “TrickBoot” UEFI-Focused Functionality, 09 Dec 20. AdvIntel: Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Stri…
1 hr 13 min
Jan 12, 2021
The Cybersecurity Evangelist: EP6 - The ISAC Series, Part 2
This month, The Cybersecurity Evangelist talks with WaterISAC's Director of Preparedness and Response, Chuck Egli. The conversation ran a little longer than I like to aim for, but it's understandable given that Chuck and I work closely together in support of WaterISAC. Plus, with WaterISAC being one of the oldest ISACs, I'm quite certain they've earned the extra spotlight! After a much longer than normal opening comment (I sense a trend here) running down a list of many of the ISACs - (most of) which you can find on The National Council of ISAC's webpage at https://www.nationalisacs.org/member-isacs - Chuck and I talk about all the ways WaterISAC supports the security and resilience of the water and wastewater sector with an all-hazards approach (not just cyber). Chuck's parting thoughts: Look into your ISAC community or ISAO…there is one for you!! While many have membership models, so many of them offer information and assistance for the benefit of all toward the greater global…
Jan 4, 2021
The Risk Roundtable: EP 15. Nashville, Solar Winds and more!
The Risk Roundtable gang kicks off 2021 with two events that ended 2020 - the Christmas Day bombing in Nashville and the Solar Winds cyber event. Andy, Jen and Dave go through the incidents and look at the responses in each instance as well as what may come of it moving forward in 2021 though maybe no lizard people (Shoutout to "V"!). Then in the Roundtable Roulette, Dave brings up how to deal with dis/misinformation while Jen reminds everyone that new year doesn't mean that we can forget about our stable of cyber threats, most notably Ransomware which continued to evolve throughout the year. Finally, with it being a new year, the gang looked at personal and professional goals such as Dave's desire to read more, Jen completing her "she-shed" and Andy's desire to be more like Dave. Andy's reference to Russian Hacking: https://www.nytimes.com/2021/01/02/us/politics/russian-hacking-government.html
Dec 27, 2020
The Gate 15 Interview EP 7. A look at 2020, security, and the media with Runa Sandvik and Brad Barkett
In this episode of The Gate 15 Interview, Andy Jabbour enjoys a really fun talk with Runa Sandvik and Brad Barkett, two security veterans both with considerable experience working to secure media at some of America’s most well-known papers. In this podcast we discuss: • 2020 and the cyber threat environment • The threats facing media today • The role of media in security • What we might anticipate in the new year • Among other topics! Runa and Brad share some candid perspective, and a few fun tidbits about themselves in this year-end discussion on the cyber threat environment, security issues, and the media. Please enjoy this episode of The Gate 15 Interview on Anchor, Apple, Spotify, as well as other locations. Runa Sandvik: Runa is a senior security researcher with years of experience in security and information sharing. Today, Runa works on digital security for journalists and other high-risk people. Her work builds upon experience from her time at The New York Times, Freedom of the…
Dec 21, 2020
Nerd Out! Security Panel Discussion: EP 8. Looking back to look forward and holiday goodies!
In this year end Nerd Out Security Panel Discussion podcast, the gang takes a look at the events of 2020 and the impacts they had on individuals and organizations and attempted to pull out lessons to be learned as we get ready to kick off 2021. But before digging into the topics, Bridget shared some personal news related to the impacts of COVID. The group then built upon Bridget's moving account and discussed that while COVID obviously dominated the news, there were other security issues that caused disruptions and may have gone overlooked - or maybe not. The discussion then took a detour and went into some lighter, jovial discussions around food choices around the perfect holiday meal, the team passes out some security resolutions and reminders to focus on in the hope of starting 2021 on a better foot. Thanks to all the listeners and followers - 2020 gave us the opportunity to kick off this podcast channel and we look to keep security at the forefront of these discussions in 2021 and…
Dec 7, 2020
The Risk Roundtable: EP 14. What security incident won the year?
Wrapping up a wild 2020, the Risk Roundtable crew looks at the security event or incident that took home the prize of most impactful. And no, COVID was not allowed! Was it "truth decay", domestic terrorism, ransomware, or any number of other incidents? The only thing that could be determined was that Dave was not getting any points for his submission. Then the gang played a little Roundtable Roulette and shared some of the areas that they would be looking at moving forward while also recognizing the courage of their teammate Bridget Johnson, who recently wrote about the passing of her mother from COVID (https://www.hstoday.us/subject-matter-areas/emergency-preparedness/my-mom-died-of-covid-19-and-disinformation-was-the-virus-accomplice/). Also discussed were security situations around the vaccine dissemination and holiday shopping scams....fa-la-la-la-oh no! References brought up in the show: Coveware: Ransomware Recovery First Responders. Q3 Ransomware Demands rise: Maze Sunsets & R…
Nov 22, 2020
The Gate 15 Interview EP 6. From Blended Threats to Pandemic Lessons Learned with REN-ISAC’s Kim Milford
In this episode of The Gate 15 Interview, Andy Jabbour talks with Kim Milford, the Executive Director of the Research and Education Network Information Sharing and Analysis Center (REN-ISAC) which is focused on aiding and promoting operational protection and response within the research and higher education (R&E) communities. In this podcast we discuss: • REN-ISAC, higher education and critical infrastructure • The higher education threat landscape • REN-ISAC Blended Threat Workshops • Higher ed security coordination • COVID-19 lessons learned • Emerging concerns for higher ed and critical infrastructure • And more! Kim Milford serves as Executive Director of the REN-ISAC, working with research and education institutions, partners, and sponsors to provide services and information that allow member institutions to better defend technical environments from cyberthreats. Ms. Milford oversees administration and operations for the REN-ISAC. Ms. Milford served in several roles…
Nov 16, 2020
Nerd Out! Security Panel Discussion: EP 7. Protests, Terrorism, Holidays and love for Chris Krebs!
In the latest episode of the Nerd Out Security Panel Discussion podcast the gang reviews the election and what didn't happen and how lessons can be learned from that as well as looking at the current state of protests and how faith-based organizations have been on the front lines of support as well as taking up action. Then the panel looks at the current terrorism threat and how that could impact the upcoming holiday season for stores as well as faith-based organizations. In the lightning round, the panel pays tribute to the OG Chris Krebs for his handling of the election and dis/misinformation, as well as tackling other topics. Security expert Rob Yandow joins host Dave Pounder, Bridget Johnson and Joe Levy this month! Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: firstname.lastname@example.org; LinkedIn Profile: https://www.linkedin.…
Nov 10, 2020
The Cybersecurity Evangelist: EP 5 – The ISAC Edition, Part 1 (for Infrastructure Security Month)
For this November episode of TCE I’ve decided to take on National Critical Infrastructure Security and Resilience Month, Critical Infrastructure Security and Resilience Month, Critical Infrastructure Month, Infrastructure Security Month, whew! Actually, I’ve been almost as overwhelmed with responses from people wanting to be a part of this edition as I am with the litany of names given to this critical observance. That said, this edition/theme is likely to be in three or four parts so we can evangelize as many ISAC’s (and ISAO’s) as we can! During this episode we get the ISAC party started with discussions from DNG-ISAC and MM-ISAC! Links to resources and organizations mentioned in this episode: Infrastructure Security Month https://www.cisa.gov/ismonth Critical Infrastructure Sectors https://www.cisa.gov/critical-infrastructure-sectors National Council of ISACs, list of member ISACs https://www.nationalisacs.org/member-isacs Downstream Natural Gas ISAC https://www.dngisa…
Nov 2, 2020
The Risk Roundtable: EP 13. Finally, Critical Infrastructure has come back to RR!
At long last, and after countless suggestions, the team channels their inner "Rock" and brings Critical Infrastructure back to the Risk Roundtable. After discussing Critical Infrastructure Security and Resilience Month and some of the key threats facing critical infrastructures, Andy then guides the team through some quick hits including Jorhena's appreciation for November also serving as Gratitude Month, or Dave Pounder Appreciation Month, Dave encouraging us to consider Security Mindfulness and Jen making sure we didn't forget any of the many threats facing Critical Infrastructure. And even though this was generally an "election free" podcast, be sure to catch Jorhena as she talked about election misinformation issues on Good Morning DC - link to follow. Plus someone is a little sensitive about Spookley the Square Pumpkin. Critical Infrastructure and Resilience Month: https://www.whitehouse.gov/presidential-actions/proclamation-critical-infrastructure-security-resilience-month-202…
Oct 26, 2020
The Gate 15 Interview EP 5: Elections Security 2020, with the FBI and the Elections Infrastructure ISAC
In this episode of The Gate 15 Interview, Andy Jabbour talks with Ben Spear, Director of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) and Al Murray, currently serving as the Assistant Special Agent in Charge over Cyber Investigations at FBI’s Washington Field Office (WFO). In our discussion we address: Recent election history and security issues; Threats to the upcoming 2020 election; What to expect on election day (and after); Words of wisdom for citizens and elections officials. Please enjoy this episode of The Gate 15 Interview on Anchor, Apple, Spotify, as well as other locations.
1 hr 2 min
Oct 19, 2020
Nerd Out! Security Panel Discussion EP 6. Extremist Threats at Home and Abroad.
The Nerd Out Security Panel tackles the latest terrorist incidents in France as well as the disrupted plot in Michigan. There are a lot of valuable lessons learned from these incidents, as well as the recent revelations from the 2017 Manchester concert bombing. The group then goes rapid fire through some security topics to include concerns through the end of the year, security issues we may not be talking about, Edward Snowden, Magnum PI, Spencer for Hire and more. Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Vice President of Operations at Welund North America. Twitter: @dronin_on; email: firstname.lastname@example.org Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Secur…
Oct 14, 2020
The Cybersecurity Evangelist: EP4 – “Am I doing enough?” Part 2
Shay Trembley, Information Security Manager of South Blount Utility District, and I finish up the remaining 4 "P's of Basic Cybersecurity" - a timely topic in recognition of National Cybersecurity Awareness Month (NCSAM). We address passwords, privacy, patching, and protection, and include several of our personal favorite resources for cybersecurity awareness for everyone. Shay's final tip: she encourages everyone to speak up and share information. The more everyone shares information about the cyber threats and risks, or even suspected threats and risks, the better we will all be informed and #BeCyberSmart. In recognition of NCSAM, we individually listed a ton of resources to help businesses and individuals to #BeCyberSmart: https://staysafeonline.org/, including National Cybersecurity Awareness Month and other NCSA resources https://www.sba.gov/ https://www.cisa.gov/ https://www.cisa.gov/information-sharing-and-awareness (for more on Information Sharing and Analysis Centers) htt…
Oct 6, 2020
The Risk Roundtable: EP 12. Bring Your Own Topic.
Andy, Jen, Jorhena and Dave go through a plethora of security topics as they introduce the "Opening Shot", before digging deep into some trends they have noted across industries to include the ever present cyber threats (hello ransomware), and social media threats, as well as touching on the upcoming elections. Then the team gets personal and talks about some of the things that have kept them busy over the past couple of months to include Jorhena's upcoming publication! Some references that were dropped during the pod: National Cybersecurity Awareness Month (NCSAM): https://www.cisa.gov/national-cyber-security-awareness-month https://staysafeonline.org/cybersecurity-awareness-month/ https://staysafeonline.org/cybersecurity-awareness-month/champions/view-all/ https://www.cisa.gov/national-cyber-security-awareness-month https://www.shodan.io/ Black Hills Information Security: Backdoors and Breaches Incident Response Game: https://www.blackhillsinfosec.com/projects/backdoorsandb…
Sep 28, 2020
The Gate 15 Interview: EP4. A look at Ransomware.
In this episode of The Gate 15 Interview, Andy Jabbour talks with Jeremy Kennelly, a manager and principal analyst on FireEye’s Mandiant Intelligence team focused on the analysis of financially-motivated cyber threat activity. In the discussion we address: • The history of ransomware; • Ransomware’s evolution from WannaCry to present; • The current threat environment and best practices; • Where ransomware could be going into the future and the idea of blended threats.
Sep 22, 2020
Nerd Out! Security Panel Discussion: EP 5. Discussing Venues
On this month's Nerd Out! Security Panel Discussion, Dave Pounder hosts Joe Levy, Bridget Johnson and Travis Moran to talk about venue security and what it means in the coming months with the upcoming election and various outdoor events. The group also talks about drones, wildfires, and touches on National Insider Threat Awareness Month (https://www.cdse.edu/itawareness/index.html#0). Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Vice President of Operations at Welund North America. Twitter: @dronin_on Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homelan…
Sep 18, 2020
The Cybersecurity Evangelist: EP3 - "Am I Doing Enough?" Part 1
I am joined by Shay Trembley on the third episode of The Cybersecurity Evangelist (TCE). Shay and I discuss practical tips to the question “Am I doing enough?” We begin our chat with a very real-world incident that nearly cost a small-town water utility $3.2M in fraudulent wire transfers. Then we make a quick nod to two very “human-oriented” awareness initiatives before wading in to what I am calling on this episode, “the 5 P’s of basic cybersecurity” to help make sure you ARE doing enough! Resources discussed on this episode: KnowBe4 Mac Help for Mom (the content has not been updated in a while, but is still useful for “mom” ;-) ) National Insider Threat Awareness Month National Cyber Security Awareness Month Sun Tzu’s The Art of War - For more discussion on The Art of War and cybersecurity, you might enjoy this post, Sun Tzu’s ‘The Art of War’ for Cybersecurity
Sep 1, 2020
The Risk Roundtable: EP 11. Protests and Security Awareness Months
In the latest episode of the Risk Roundtable, Andy leads Jen, Jorhena and Dave through a myriad of topics including the latest protest activity and what it means for organizations, as well as doing their part in promoting the latest Insider Threat Awareness Month, National Preparedness Month and the upcoming Cybersecurity Awareness Month. Protest activities can take on a life of their own and create challenges for organizations and their respective security teams. The team digs into how awareness and understanding can help them address these challenges that don't fit into the one-size-fits-all model of past protests. Resources: Insider Threat Awareness Month Scenario Cards: https://www.cdse.edu/documents/toolkits-insider/it-scenario-cards.pdf Insider Threat Awareness Month: https://www.cdse.edu/itawareness/index.html National Preparedness Month: https://www.ready.gov/september Cybersecurity Awareness Month: https://staysafeonline.org/cybersecurity-awareness-month/ What’s Your Plan?…
Aug 24, 2020
The Gate 15 Interview: EP 3. Disinformation, Misinformation… Too Much Information!?!
In this episode of The Gate 15 Interview, Andy Jabbour talks with Michael Klein, a K-12 IT Director and a leader for CTI League’s Disinformation Team, and Lee Foster, Senior Manager, Information Operations Analysis, with FireEye Intelligence. The group discusses: What we mean by the terms “misinformation” and “disinformation;” Information operations with regard to the COVID-19 pandemic; Geopolitical and domestic political interests and issue manipulation; Election disinformation, past, present and future; Ideas on deepfakes and the use of Synthetic Media; And Andy manages to work in another musical reference.
Aug 18, 2020
Nerd Out! Security Panel Discussion: EP 4.
Join Dave, Bridget Johnson, Travis Moran, and Jon Crosson as they talk about the latest security matters. Following up on the last episode, the panel discussed the cancellations of NCAA conference fall sports seasons including the increasingly popular College Football schedule. That was a smooth transition into the innovative ways networks have covered sports and if there was any type of innovation to the security sector. Could organizations replicate security "fans" or "crowd noise" - is that even a thing? And then we looked at the challenges within the healthcare sector and talked about how mental health and a future vaccine could impact security or fuel conspiracy theories. Jon Crosson works at the Health-Information Sharing and Analysis Center (H-ISAC). Their website (h-isac.org) includes a paper on information sharing best practices. Travis Moran is the Vice President of Operations at Welund North America. Twitter: @dronin_on Bridget Johnson is the Managing Editor for Homeland Sec…
Aug 11, 2020
The Cybersecurity Evangelist - Demystifying Cybersecurity Myths - Part 2
This month we are airing part two of the inaugural episode of The Cybersecurity Evangelist where Travis Farral and I finish demystifying cybersecurity myth #2 and #1. Listen to find out where the term “hacking” came from, and more about different types of “hackers”…including the good ones. Travis and I also give a quick nod to our inner geek. We wrap up the discussion with how we are ALL targets of opportunity - even if we don’t have an online presence - and why it is important to overcome the “it won’t happen to me mindset.” Finally, Travis leaves us with his final thought: spend a few minutes trying to educate yourself on ways you can protect your family.
Aug 4, 2020
The Risk Roundtable: EP 10 - Geopolitics, Partnerships and Information Sharing
On the latest Risk Roundtable, the Gate 15 team discusses geopolitics and the impacts they have had on businesses around the world. Listen to Andy, Jorhena, Jen and Dave then get into partnerships and the need to rely on trusted relationships and information sharing. But they couldn't escape COVID and they weighed in on the impact it has had on sports leagues while hearing Andy's hope for his favorite football team.
Jul 27, 2020
The Gate 15 Interview: EP 2
In the newest episode of The Gate 15 Interview, Andy Jabbour talks with Errol Weiss, Chief Security Officer with the Health Information Sharing & Analysis Center (Health-ISAC). In their discussion Errol and Andy discuss the evolving cyber threat landscape - from those aimed at the healthcare community, the development of blended threats, ransomware, some of the cybersecurity challenges relating to COVID-19, and more. They also talk about the benefits and challenges of information sharing and collaboration, and what it takes to make it successful.
Jul 22, 2020
Nerd Out! Security Panel Discussion: EP 3
In the latest episode, Dave is joined by Bridget Johnson, Travis Moran and Chuck Eglic to talk over the latest security matters. Teeing up with sports in the world of COVID, the group then "nerds out" about drones of the suicide variety, extremism and disinformation. Some references mentioned in the pod: Bridget's article on conspiracy theories: https://www.hstoday.us/subject-matter-areas/counterterrorism/conspiracy-theory-extremism-when-viral-claims-turn-dangerous/ START Report: https://mailchi.mp/start/new-radicalization-data-358122?e=b787119265 Drones: https://www.thedrive.com/the-war-zone/34414/we-talk-killer-drones-and-the-future-of-unmanned-warfare-with-aerovironments-steve-gitlin
Jul 20, 2020
The Cybersecurity Evangelist: EP 1 - Demystifying Cybersecurity Myths
Welcome to the inaugural episode of The Cybersecurity Evangelist - a cybersecurity podcast for everyone. On the last Gate 15 Risk Roundtable (Ep 9), I alluded to following up on the topic of ransomware for this first episode. But after some deliberation, I thought a better place to start a new podcast on cybersecurity and how it is relevant to everyone, was to myth bust some commonly held beliefs. This episode is part 1 of 2, where I phish for answers by demystifying some myths with help from Travis Farral, including how cybersecurity is more than just a technology/computer problem, how increasing your cyber hygiene and security posture does not have to cost a lot of money, and how easy it is to buy a kit or an application if you are looking to launch your miscreant career! Some great resources mentioned in today's episode to help you understand more about the cyber threats that we all face everyday and to help you increase your cyber hygiene include: Verizon's Data Breach Investigatio…
Jul 7, 2020
The Risk Roundtable: EP 9
The people have spoken! The Gate 15 Pod has now become the Risk Roundtable. In this episode the gang is back at it again. Andy, Jorhena, Jen and Dave talk about extremism going mainstream, the continuously evolving threat of ransomware (double extortion, cartels, and encryption), as well as issues with reopenings around the world and the possible security implications. So much to get into that you may miss Jen pushing her new podcast - The Cybersecurity Evangelist (out next week!). Plus Jorhena giving a shout out to a co-worker.
Jun 25, 2020
The Gate 15 Interview: EP 1
In this inaugural Gate 15 interview podcast, Andy Jabbour talks with Jorhena Thomas on her recent post “Intel Community, Our Turn is Coming,” as they discuss informed, inclusive analysis as well as related thoughts on current racial tensions, protests, biases, the threat environment, and how we, as individuals and as a community, can strive towards being our best.
Jun 9, 2020
Nerd Out! Security Panel Discussion: EP 2
Nerd Out is stepping out on its own. Dave Pounder is taking his band of merry men and women to discuss various security topics and show their true “nerd” related to security matters. In this episode Dave is again joined by Andy Jabbour and Travis Moran and they welcome in Tamara Herold to discuss the latest protests, what some of the takeaways are related to impacts on organizations and where protests in general go from here. Our Panelists: Tamara D. Herold, Ph.D., Associate Professor, Graduate Director, University of Nevada, Las Vegas (UNLV) Director, Crowd Management Research Council Department of Criminal Justice Travis Moran, Welund North America Vice President of Operations Email firstname.lastname@example.org | Website www.welund.com | twitter: @dronin_on Andy Jabbour, The Gate 15 Company Managing Director / Founder twitter: @gate_15_analyst David Pounder, The Gate 15 Company twitter: @dpounder
Jun 1, 2020
The Risk Roundtable: EP 8
In this episode Andy, Jen and Dave welcome Jorhena Thomas to the pod to discuss protests, disinformation, reopening and what impacts they may mean for organizations. The team also banters about naming the pod as well as share a little “inside baseball” hurricane poll even though Andy doesn’t care much for baseball.
May 18, 2020
Nerd Out! Security Panel Discussion: EP 1
In this new episode we bring the Gate 15 Pod crew together to discuss security concerns around the re-opening of many businesses around the world on the physical security and cyber security side.
May 4, 2020
The Gate 15 Pod: EP 7
In this episode Andy, Dave and Jen discuss Ramadan, the infodemic, as well as the impacts of the re-opening / re-entry of businesses around the world. The team then wraps it up with a couple thoughts to hurricanes and National Hurricane Preparedness Week.
Apr 27, 2020
The Gate 15 Pod: EP 6. Pandemic Preparedness After Action Reports Webinar
In this episode Gate 15 shares a webinar led by Casey Ateah, Gate 15’s Director of Preparedness, Andy Jabbour, Gate 15 Managing Director and including David Pounder, Gate 15 Director of Threat and Risk Analysis. In this webinar, the Gate 15 team discusses why often, many organizations don’t do a great job of completing a deliberate after-action review process or developing effective after-action reports (AARs) after incidents, from small-scale events to significant threats, such as the current COVID-19 pandemic. The webinar covers topics such as how to get started on an AAR process by identifying the needed resources and getting those resources to conduct the necessary analysis in order to draft an After-Action Report and Improvement Plan. Andy also shares some thoughts on the importance of preparedness and imagination when working towards personal, organizational and national resilience.
1 hr 6 min
Apr 15, 2020
The Gate 15 Pod: EP 5
This will be the first in a new podcast offering from The Gate 15 Company. In this episode we welcome security experts Bridget Johnson and Travis Moran as well as Gate 15 Managing Director Andy Jabbour to talk about terrorism, extremism, drones and surveillance measures in the COVID world. Bridget: Homeland Security Today - Twitter: @bridgetcj. HS Today is hosting a webinar on 23 April on domestic extremist motivations, targets and tactics. Travis: Vice President of Operations, Welund North America, email@example.com - Twitter: @dronin_on
Mar 30, 2020
The Gate 15 Pod: EP 4
There is a lot of information out there related to COVID. Aside from initial reactions, the team looks ahead to what’s next and how do we start preparing to handle incidents in a COVID world.
Mar 5, 2020
The Gate 15 Pod: EP 3
So much can change in a month. Last month we touched on COVID-19, and this episode we dig more into questions about preparedness and the resulting cyber scams associated with it. Then we transition to other cyber issues, specifically Business Email Compromise and phishing.
Feb 3, 2020
The Gate 15 Pod: EP 2
Episode 2. Today we talk nCoV. What do you need to know, and should you be concerned? We also talk about how events like nCoV could lead to scams. Finally we hit building security and the latest terrorist / extremist activity.
Jan 9, 2020
The Gate 15 Pod: EP 1
Episode 1. Looking back at the security challenges in 2019 and ahead to what we may expect in 2020. Join Andy Jabbour, Jennifer Lyn Walker and David Pounder.