))
Cybersecurity weekly podcast series featuring industry thought leaders discussing security solutions, best practices, threat intel, and more. Our primary topics within InfoSec include: Application Security; Artificial Intelligence; Blockchain; Career Development; Cloud Security; Encryption / DLP; Endpoint / Mobile / IoT Security; GRC; Incident Response / SIEM; Identity and Access Management; Network Security; Privacy; Ransomware / Malware; and Security Awareness.
…
continue reading
Business Email Compromise (BEC) remains rampant, with annual losses in the billions of dollars. Every type of organization is at risk. During this episode, we discuss key things your organization and people should know about this cybercrime, plus the most effective way to respond in hopes of recovering some of the losses. Our two guests are with th…
…
continue reading
What is a cyber mercenary group and who are they attacking through cyberspace? In this episode, Feike Hacquebord, Sr. Threat Researcher at Trend Micro, reveals extensive details of a cyber mercenary group he has been tracking for more than a year, which he calls Void Balaur. "They target a lot of doctors… they are sending phishing emails to target …
…
continue reading
This discussion on the cybersecurity talent pipeline problem is unlike any other you have heard before. And you and your organization could play a part in growing the future of the cybersecurity workforce. We're talking with the founders of the Last Mile Education Fund: • Rian Walker, Information Security Analyst, Financial Sector • Sarah Lee, Dire…
…
continue reading
Can brain hacks and cybersecurity habits improve the security posture at your organization? CISO George Finney of Southern Methodist University believes the answer is yes and he makes his case in this episode. Also, here's a big idea: cybersecurity doesn't slow down digital transformation, it speeds it up. Gigamon CTO Shehzad Merchant explains how …
…
continue reading
Andrew "AJ" Jarrett is Applied Cybersecurity Program Manager at the Cyber Readiness Center (CRC) and Texas A&M Engineering Extension Service (TEEX). He's been a wildland firefighter for more than a decade and believes Emergency Response frameworks that save lives can apply to cyber incident response and IT security to help protect organizations. He…
…
continue reading
Ed Cabrera is the former CISO of the United States Secret Service and current Chief Cybersecurity Officer at Trend Micro. He believes we are at an inflection point in cybersecurity and is cautiously optimistic. During this conversation with SecureWorld, Cabrera also discusses ransomware, cryptocurrency, threat intelligence, cyber insurance, and mor…
…
continue reading
In this SecureWorld Sessions podcast bonus episode, three Chief Information Security Officers play a game show around modern cyber resilience. What is cyber resiliency, how do you align it with business objectives, and is it possible a unicorn won this battle of the CISOs? Contestants include Ricardo Lafosse, CISO, The Kraft Heinz Company; Michael …
…
continue reading
Our guest on this episode is Jeremy C. Sheridan, Assistant Director, Office of Investigations, at the United States Secret Service. We discuss the evolution of ransomware in cybercrime, including: advances in technology, cyber insurance, the cryptocurrency challenge, the sophistication of ransomware actors, and much more. Also, thank you to Trend M…
…
continue reading
Princeton University implemented a multi-year program to create a culture of cybersecurity throughout campus. It has already made an impact on the organizational security mindset, including risk reduction, implementing new technologies, broadening security knowledge, and strengthening campus partnerships. In this episode, listen to David Sherry, CI…
…
continue reading
What can organizations, the U.S. government, and everyday citizens do to stop the surge of ransomware and cyber threats hitting us from overseas? In this episode, we hear from retired Air Force Colonel Cedric Leighton. Leighton is a CNN military analyst who held cyber leadership positions while serving in the Air Force and currently runs the Cedric…
…
continue reading
Are CISOs getting sued? Yes. Investors filed a lawsuit that specifically names the CISO of SolarWinds as a defendant. Is this the beginning of a trend to sue the Chief Information Security Officer after a cyber incident? #InfoSec twitter reacts, and so do the experts on today's podcast: Rebecca Rakoski is co-founder and Managing Partner of XPAN Law…
…
continue reading
In this true cybercrime episode, we uncover the case of an insider threat scheme at an AT&T Wireless call center. Court documents reveal how rogue employees collected approximately $1 million in bribes. Plus, Dr. Larry Ponemon discusses the Insider Threat risk, and John Grimm discusses Insider Threat best practices. Resource Links: • Trend Micro re…
…
continue reading
In this true cybercrime episode, we interview Myra Rosario-Fuentes, Senior Threat Researcher at Trend Micro, who just completed an in-depth, two-year research project on Dark Web markets, especially those selling exploits that hackers use to take advantage of security holes in networks and devices. How much is a Zero Day exploit worth on the Dark W…
…
continue reading
In this true cybercrime podcast episode, we interview Alexander Urbelis, cyber attorney and threat intelligence expert, who uncovered a cyberattack against the World Health Organization at the start of the coronavirus pandemic. Resource Links: • Trend Micro phishing and ransomware white paper: https://resources.trendmicro.com/rs/945-CXD-062/images/…
…
continue reading
In this true cybercrime episode, we interview Cam, who was arrested for hacking when he was 14 years old. One of his focused cyberattacks was against SeaWorld San Diego. Now, he works as a cybersecurity professional. How did he get into cybercrime and then into a role defending against it? It all started with gaming. Resource Links: • Trend Micro's…
…
continue reading
How can we scale up the development of our collective cybersecurity talent pipeline, and what role can you play in this? How can your organization help develop talent? How can your alma mater or current university play a part in this? Hear about a model for this kind of work underway through partnerships at New York University Tandon School of Engi…
…
continue reading
Listen in as U.S. state cybersecurity leaders discuss key topics: • coming year priority projects • the ransomware surge and preparing for security incidents • their organization's security culture and training to deal with issues • innovative, special projects they are most excited about moving forward Featured presenters on this podcast panel: • …
…
continue reading
Nancy Rainosek is the Chief Information Security Officer (CISO) for the State of Texas. She knows all about ransomware incident response. Her team played a key role in remediation after a coordinated ransomware attack hit 22 state agencies in Texas in a single day. 1. What was that ransomware day like for Rainosek and her team? 2. Was there a commo…
…
continue reading
Josh Jackson is Founder and Executive Director of the AI Association, which advocates for the furtherance of artificial intelligence and automation in the United States. In this wide-ranging discussion about AI, Jackson unpacks the following: 1. How should we define artificial intelligence? 2. Where is the intersection of cybersecurity and AI? 3. W…
…
continue reading
Shawn Tuma is a nationally known "breach quarterback" or "incident response coach" who walks victimized companies through the fallout of a ransomware attack. In this episode, he discusses the following: 1. What stages do organizations and security teams experience during a ransomware attack? 2. Would making ransomware payments illegal disrupt this …
…
continue reading
Join a CISO panel for a fast-moving discussion around the following questions: 1. The state of cybersecurity: what can we understand from security's rise and the rise of the CISO? 2. What does the business need more of from security teams? And what about from security leaders? 3. Are InfoSec job postings way out of line with reality? 4. What is som…
…
continue reading
2020 was a "blender" year, during which data privacy and cybersecurity seemingly took a backseat to the other major, pressing health and social issues. As more and more people are getting vaccinated and we reemerge into a world that looks a lot different (i.e. new laws and regulations, new threats, etc.), we need to consider and refocus on the impo…
…
continue reading
Are you "stuck" somewhere along your cybersecurity career path? Are you planning to pursue your InfoSec career goals "someday" down the road? Belinda Enoma has a cybersecurity and privacy background, and she's a Certified Information Privacy Professional (CIPP) in the U.S. She is also a career advice expert and the Founder of Activate & Implement L…
…
continue reading
In this episode, Michael Meyer, Chief Risk Officer and Chief Innovation Officer at MRS BPO, exposes three crucial myths around IAM in cloud, especially a multi-cloud environment. Are you believing the myths that stand in the way of properly implementing IAM (Identity and Access Management) in your cloud environments? Also, today's Trend Micro Top 3…
…
continue reading
In this episode, Mark Eggleston, Vice President and CISO/CPO of Health Partners Plans, speaks with security leaders about cyber resiliency, the return to the workplace, combatting nation-state cyber threats, pandemic lessons that can fuel digital innovation, and mental health in cybersecurity. Panelists include: • Anahi Santiago, CISO, ChristianaCa…
…
continue reading
In this episode, social engineering professor, entrepreneur, and author Christopher Hadnagy shares social engineering case studies and explains how these attacks are evolving and how you can protect yourself and your end-users. Hadnagy draws from decades of human behavioral research and his time as "Chief Human Hacker" at Social-Engineer, LLC. Reso…
…
continue reading
In this episode, we are discussing lessons learned from a CISO who led the way on her organization's business continuity plan (BCP) and pandemic plan. Milinda Rambel Stone is VP and CISO at Provation Medical. She shares a first-hand account of the planning, implementation, and takeaways from her company's BCP. And buckle up: security teams face mor…
…
continue reading
In this episode, we are discussing a hotly debated topic in cybersecurity: best in breed point solutions versus an all in one type of security platform. Which is the best approach for your organization? And how is this part of the security landscape changing? Our guest is Greg Young, Vice President of Cybersecurity and Corporate Development at Tren…
…
continue reading
We are talking about how to align information security with the business. And our guest, ISSA International President Candy Alexander, says we may be thinking about this strategy in the wrong way. She is not afraid to be controversial, and in this episode she shares what security and business alignment should look like. Candy is also Chief Informat…
…
continue reading
In this episode, we start with a dramatization of a ransomware attack, which leads us to the ransomware lifecycle in real life. What is a ransomware attack incident response really like? How should you respond in the first hours? What does a 72-hour ransomware response look like? What should you do in the weeks and months following? Hear real-life …
…
continue reading
When an Iowa Sheriff arrested Coalfire pentesters Gary DeMercurio and Justin Wynn on the job, it sent shockwaves through the cybersecurity community. The two InfoSec professionals faced felony charges, jail time, and the possibility of a criminal record for doing what they were hired to do. And information security professionals faced a possible ch…
…
continue reading
We are asking questions about the SolarWinds data breach fallout. How did the SolarWinds breach impact everything related to legal and compliance? And how does it change the way you should look at Vendor Risk Management? We get answers from Glenn Kapetansky, CSO and Technology Capability Lead, at Trexin Group; and Rebecca Rakoski, Co-Founder and Ma…
…
continue reading
"We were not prepared for a SolarWinds type of supply chain attack," says Cedric Leighton, CNN Analyst and U.S. Air Force Colonel (Ret.). In this podcast episode, Leighton examines how wide the impact of the SolarWinds cyberattack might be, possible collateral damage from the attack, and the most likely nation-state behind it all. Plus, Leighton ex…
…
continue reading
Long-term predictions are risky, but Rik Ferguson likes to predict things a decade into the future. Rik is Vice President of Security Research at Trend Micro. Building off his Project 2020, Rik is now working on Project 2030. In our interview, we get a glimpse of the future of AI, the future of malware, the future of wearables, the future of ransom…
…
continue reading
What does the 2021 cyber law and privacy law landscape look like? Our first guest is attorney Jordan Fischer of Beckage Law. And how can you ensure total data discovery and then manage that big data with security and compliance in mind? Our second guest is Arun Gandhi, Vice President at 1touch.io, which specializes in this area. Also, we have new r…
…
continue reading
What does a resilient and secure organization look like? What are key strategies and technologies these organizations should have? How does a resilient organization empower its employees? In this episode, we glean insights from Adam Leisring, Chief Information Security Officer at Paycor. Also, we have new research from Trend Micro. The latest repor…
…
continue reading
In this episode, we are learning about modern cybersecurity leadership. We hear from Yaron Levi, CISO of Blue Cross and Blue Shield of Kansas City. Levi shares about what security professionals need to do now to lead. And he helps us consider the following questions: Why is information security mainly reactive instead of proactive? Why do most orga…
…
continue reading
In this episode, we talk to Mark Nunnikhoven, Vice President of Cloud Research at Trend Micro. 2020 was the cloud's biggest year, and we're talking about securing the cloud into the future. How do we make cloud security usable? How do we make cloud security stable? What does building in this environment look like right now, and what is the state of…
…
continue reading
In this episode, we talk to cybersecurity leaders in the oil and natural gas industry. Experts from the ONG-ISAC (Oil and Natural Gas Information Sharing and Analysis Center) answer the following questions: • What does the cyber threat landscape look like for the petroleum industry, and what are the potential impacts? • What are barriers to sharing…
…
continue reading
In this episode, we talk to James Goepel about the Cybersecurity Maturity Model Certification (CMMC). He discusses this important new certification for supply chain security within the U.S. Department of Defense (DoD) system, addressing the following: • Why was the CMMC created? • Who needs the CMMC? • How will the CMMC work? • Will the CMMC spread…
…
continue reading
In this episode, we talk to Julia Voo, one of the authors of the newly published National Cyber Power Index 2020. Which country is the most powerful in cyberspace? The NCPI takes a "whole of country" approach to measuring cyber power, ranking 30 countries in the context of seven national objectives. Voo is a Cyber Fellow at the Belfer Center for Sc…
…
continue reading
In this episode, we hear from Don McKeown, Information Security Manager at Wolters Kluwer Health. He talks about the various levels of culture within an organization, and the culture of security. Plus, approaches to security: blocking and tackling programs, compliance-based information security programs, and risk-based InfoSec programs. McKeown spo…
…
continue reading
In this episode, we hear from Dan Pepper, Partner on BakerHostetler's Privacy and Data Protection team. He frequently handles security incidents, interacting with federal and state agencies and forensic service providers, and has overseen investigations including many cases of ransomware. How are attackers launching their ransomware attacks? Should…
…
continue reading
In this episode, we are partnering with the non-profit Cybercrime Support Network (CSN) to raise awareness as part of their Youth and Cybercrime Week. We interview Cam, who was arrested for cyberattacks when he was 14 years old and now works as a cybersecurity professional. How did he get into cybercrime and then into a role defending against it? W…
…
continue reading
In this episode, we share part of a SecureWorld presentation by Sandy Silk, Director of Information Security Education and Consulting at Harvard University. In her presentation, titled "Hey, InfoSec: Be Part of the Digital Transformation or Be Left Behind!," Silk discusses how security teams need to evolve to deliver the same digital transformation…
…
continue reading
CISO Milinda Rambel Stone and Human Resources VP Susan Hanson, both of Provation Medical, worked together on a pandemic plan completed just as the COVID-19 pandemic hit the U.S. They discuss these questions: How does a pandemic plan fit with a Business Continuity Plan (BCP)? How did the business, including information security, communicate during t…
…
continue reading
In this episode, we are speaking with Joshua Cloud, Director of Information Security at NFI, as he answers three important questions for us: 1. What is Artificial Intelligence (AI)? 2. What is Machine Learning (ML)? 3. How can we use AI and ML in cybersecurity and cyber defense? Also, new research, just published by Trend Micro, our premiere podcas…
…
continue reading
In this episode, we are speaking with cybersecurity and technology influencer Chuck Brooks about emerging technologies that can help you defend your organization in cyberspace. Brooks covers everything from the future of quantum computing and the encryption debate to China in tech, election cybersecurity, 5G concerns, and low-hanging cybersecurity …
…
continue reading
In this episode, we hear from Joe Zurba, Chief Information Security Officer at Harvard Medical School. He details the challenging Identity and Access Management landscape the school faces and how it navigates IAM. Zurba was a keynote speaker at the 2020 SecureWorld Boston virtual conference. Also, updates on ThiefQuest (EvilQuest), the quickly-evol…
…
continue reading
In this episode, we are speaking with cybersecurity researcher, pentester, and author Vinny Troia. His new book is "Hunting Cyber Criminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques." He explains how he tracked down the alleged hackers behind Gnostic Plays, Shiny Hunters, NSFW, and the The Dark Overlord groups. And it …
…
continue reading
