CSO Perspectives (public)

Author: N2K Networks


Description

Encore seasons of the popular CyberWire Pro podcast hosted by Chief Analyst, Rick Howard. Join Rick and the Hash Table experts as they discuss the ideas, strategies and technologies that senior cybersecurity executives wrestle with on a daily basis. For the latest seasons ad-free along with essays, transcripts, and bonus content, sign up for CyberWire Pro.

97 Episodes
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg, Senior Writer at WIRED, about his new book, “Tracers in the Dark.” Learn more about your ad choices. Visit megaphone.fm/adchoices
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, discusses the latest developments in mapping the MITRE ATT&CK® wiki to your deployed security stack with guests James Stanley, Section Chief at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), John Wunder, Department Manager for Cyber Threat Intelligence and Adversary Emulation at MITRE, and Steve Winterfeld, Akamai’s Advisory CISO.

Howard, R., Olson, R., 2020. Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks [Journal Article]. The Cyber Defense Review. URL https://cyberdefensereview.army.mil/CDR-Content/Articles/Article-View/Article/2420129/implementing-intrusion-kill-chain-strategies-by-creating-defensive-campaign-adv/
Staff, 2023. The Ultimate Guide to Sigma Rules [Blog]. The Graylog Blog. URL https://graylog.org/post/the-ultimate-guide-to-sigma-rules/
Seuss, Dr., 1990. Oh, the Places You’ll Go! [Book]. Goodreads. URL https://www.goodreads.com/book/show/191139.Oh_the_Places_You_ll_Go_?ref=nav_sb_ss_1_14
Beriro, S., Ishmael, S.-M., 2023. Crypto Hackers Stole Record Amount in 2022, Fueled by North Korea’s Lazarus [Podcast]. Bloomberg. URL https://www.bloomberg.com/news/articles/2023-02-23/crypto-hackers-stole-record-amount-in-2022-fueled-by-north-korea-s-lazarus
cisagov, 2023. Decider: A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework [Code Repository]. GitHub. URL https://github.com/cisagov/Decider/
Hutchins, E., Cloppert, M., Amin, R., 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [White Paper]. Lockheed Martin. URL https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf
JupiterDoc, 2011. Law & Order Full Theme (High Quality) [Theme]. YouTube. URL https://www.youtube.com/watch?v=xz4-aEGvqQM
Nickels, K., 2019. Introduction to ATT&CK Navigator [Video]. YouTube. URL https://www.youtube.com/watch?v=pcclNdwG8Vs
Page, C., 2022. US officials link North Korean Lazarus hackers to $625M Axie Infinity crypto theft [Website]. TechCrunch. URL https://techcrunch.com/2022/04/15/us-officials-link-north-korean-lazarus-hackers-to-625m-axie-infinity-crypto-theft/
Page, C., 2022. North Korean Lazarus hackers linked to $100M Harmony bridge theft [Website]. TechCrunch. URL https://techcrunch.com/2022/06/30/north-korea-lazarus-harmony-theft/
Staff, n.d. Lazarus Group (G0032) [Wiki]. MITRE ATT&CK Navigator. URL https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0032%2FG0032-enterprise-layer.json
Staff, n.d. Lazarus Group, Labyrinth Chollima, HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, Group G0032 [Wiki]. MITRE ATT&CK®. URL https://attack.mitre.org/groups/G0032/
Staff, n.d. Lazarus Group [Wiki]. Tidal Cyber. URL https://app.tidalcyber.com/groups/0bc66e95-de93-4de7-b415-4041b7191f08-Lazarus%20Group
Staff, January 2023. Best Practices for MITRE ATT&CK® Mapping [White Paper]. Cybersecurity and Infrastructure Security Agency (CISA). URL https://www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping
Staff, March 2023. CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping [Announcement]. Cybersecurity and Infrastructure Security Agency (CISA). URL https://www.cisa.gov/news-events/alerts/2023/03/01/cisa-releases-decider-tool-help-mitre-attck-mapping
Staff, n.d. List of top Cryptocurrency Companies - Crunchbase Hub Profile [Website]. Crunchbase. URL https://www.crunchbase.com/hub/cryptocurrency-companies
Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., Thomas, C.B., 2020. MITRE ATT&CK: Design and Philosophy, March 2020 Revision [White Paper]. MITRE. URL https://www.mitre.org/sites/default/files/publications/pr-18-0944-11-mitre-attack-design-and-philosophy.pdf
Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of cybersecurity risk forecasting with guests Fred Kneip, CyberGRX’s founder and President of ProcessUnity, and Kevin Richards, Cyber Risk Solutions President.

Howard, R., 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Wiley. URL https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/1394173083
Howard, R., 2023. Bonus Episode: 2023 Cybersecurity Canon Hall of Fame inductee: Superforecasting: The Art and Science of Prediction by Dr Phil Tetlock and Dr Dan Gardner [Podcast]. The CyberWire. URL https://thecyberwire.com/podcasts/cso-perspectives/5567/notes
Howard, R., 2022. Risk Forecasting with Bayes Rule: A practical example [Podcast]. The CyberWire. URL https://thecyberwire.com/podcasts/cso-perspectives/88/notes
Howard, R., 2023. Superforecasting: The Art and Science of Prediction [Book Review]. Cybersecurity Canon Project. URL https://icdt.osu.edu/superforecasting-art-and-science-prediction
Howard, R., 2022. Two risk forecasting data scientists, and Rick, walk into a bar [Podcast]. The CyberWire. URL https://thecyberwire.com/podcasts/cso-perspectives/89/notes
Howard, R., Freund, J., Jones, J., 2016. 2016 Cyber Canon Inductee - Measuring and Managing Information Risk: A FAIR Approach [Interview]. YouTube. URL https://www.youtube.com/watch?v=vxBpAnSBaGM
Hubbard, D.W., Seiersen, R., 2016. How to Measure Anything in Cybersecurity Risk [Book]. Goodreads. URL https://www.goodreads.com/book/show/26518108-how-to-measure-anything-in-cybersecurity-risk
Clark, B., Seiersen, R., Hubbard, D., 2017. “How To Measure Anything in Cybersecurity Risk” - Cybersecurity Canon 2017 [Interview]. YouTube. URL https://www.youtube.com/watch?v=2o_mAavdabg&t=93s
Freund, J., Jones, J., 2014. Measuring and Managing Information Risk: A FAIR Approach [Book]. Goodreads. URL https://www.goodreads.com/book/show/22637927-measuring-and-managing-information-risk
Katz, D., 2021. Corporate Governance Update: “Materiality” in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance. URL https://corpgov.law.harvard.edu/2021/05/01/corporate-governance-update-materiality-in-america-and-abroad/
Posner, C., 2023. SEC Adopts Final Rules on Cybersecurity Disclosure [Essay]. The Harvard Law School Forum on Corporate Governance. URL https://corpgov.law.harvard.edu/2023/08/09/sec-adopts-final-rules-on-cybersecurity-disclosure/
Linden, L.V., Kneip, F., Squier, S., 2022. Threats Across the Globe & Benchmarking with CyberGRX [Podcast]. Retail & Hospitality ISAC Podcast. URL https://pca.st/a49enjb1
Lizárraga, C.J., 2023. Improving the Quality of Cybersecurity Risk Management Disclosures [Essay]. U.S. Securities and Exchange Commission. URL https://www.sec.gov/news/statement/lizarraga-statement-cybersecurity-072623
Staff, 2022. Benchmarking Cyber-Risk Quantification [Survey]. Gartner. URL https://www.gartner.com/en/publications/benchmarking-cyber-risk-quantification
Tetlock, P.E., Gardner, D., 2015. Superforecasting: The Art and Science of Prediction [Book]. Goodreads. URL https://www.goodreads.com/book/show/23995360-superforecasting
Winterfeld, S., 2014. How to Measure Anything in Cybersecurity Risk [Book Review]. Cybersecurity Canon Project. URL https://icdt.osu.edu/how-measure-anything-cybersecurity-risk
Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Distributed Denial of Service (DDoS) prevention with CyberWire Hash Table guests Steve Winterfeld, Akamai’s Field CSO, Jim Gilbert, Akamai’s Director of Product Management, and Rick Doten, the CISO for Healthcare Enterprises and Centene.

Howard, R., 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Wiley. URL https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/1394173083
Azure Network Security Team, 2023. 2022 in review: DDoS attack trends and insights [Website]. Microsoft Security Blog. URL https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/
Howard, R., 2014. Fatal System Error [Book Review]. Cybersecurity Canon Project. URL https://icdt.osu.edu/fatal-system-error
Mashable, 2019. The World’s First Cyber Crime: The Morris Worm [KERNEL PANIC] [Video]. YouTube. URL https://www.youtube.com/watch?v=o2dj2gnxjtU (accessed 8.8.23)
Montgomery, D., Sriram, K., Santay, D.J., 2022. Advanced DDoS Mitigation Techniques [Website]. NIST. URL https://www.nist.gov/programs-projects/advanced-ddos-mitigation-techniques
Schomp, K., Bhardwaj, O., Kurdoglu, E., Muhaimen, M., Sitaraman, R.K., 2020. Akamai DNS: Providing Authoritative Answers to the World’s Queries [Conference Paper]. Proceedings of the Annual Conference of the ACM Special Interest Group on Data Communication on the Applications, Technologies, Architectures, and Protocols for Computer Communication (SIGCOMM 2020). URL https://groups.cs.umass.edu/ramesh/wp-content/uploads/sites/3/2020/07/sigcomm2020-final289.pdf
Sparling, C., Gebhardt, M., 2022. The Relentless Evolution of DDoS Attacks [Blog]. Akamai Technologies. URL https://www.akamai.com/blog/security/relentless-evolution-of-ddos-attacks
Staff, January 2023. The Evolution of DDoS: Return of the Hacktivist [Akamai White Paper]. FS-ISAC. URL https://www.fsisac.com/akamai-ddos-report
Staff, 2023. 2023 The Edge Ecosystem [White Paper]. AT&T Cybersecurity. URL https://cybersecurity.att.com/resource-center/infographics/2023-securing-the-edge
Winterfeld, S., 2023. Ransomware on the Move: Evolving Exploitation Techniques and the Active Pursuit of Zero-Days [Website]. Akamai Technologies. URL https://www.akamai.com/blog/security/ransomware-on-the-move-evolving-exploitation-techniques
Radware, 2012. DNS Amplification Attack [Video]. YouTube. URL https://www.youtube.com/watch?v=xTKjHWkDwP0
Chickowski, E., 2020. Types of DDoS attacks explained [Website]. AT&T Cybersecurity. URL https://cybersecurity.att.com/blogs/security-essentials/types-of-ddos-attacks-explained
Nilsson, J., 2010. The Book of Numbers: A History of the Telephone Book [Website]. The Saturday Evening Post. URL https://www.saturdayeveningpost.com/2010/02/book-numbers
Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses what quantum computing means from a cybersecurity perspective with CyberWire Hash Table guests Dr. Georgiana Shea, Chief Technologist at the Foundation for Defense of Democracies, and Jonathan France, the Chief Information Security Officer at ISC2. Research contributors include Bob Turner, Fortinet’s Field CISO – Education, Don Welch, New York University CIO, Rick Doten, CISO at Healthcare Enterprises and Centene, and Zan Vautrinot, Major General (retired).

Howard, R., 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Wiley. URL https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/1394173083
Deen, S., 2008. 007 | Quantum of Solace | Theme Song [Video]. YouTube. URL https://www.youtube.com/watch?v=YMXT3aJxH_A
Dungey, T., Abdelgaber, Y., Casto, C., Mills, J., Fazea, Y., 2022. Quantum Computing: Current Progress and Future Directions [Website]. EDUCAUSE. URL https://er.educause.edu/articles/2022/7/quantum-computing-current-progress-and-future-directions
France, J., 2023. Quantum Compute and CyberSecurity, in: ISC2 Secure Summits.
France, J., 2023. The Race Against Quantum: It’s Not Too Late to be the Tortoise that Beat the Hare [Essay]. Infosecurity Magazine. URL https://www.infosecurity-magazine.com/opinions/race-quantum-tortoise-beat-hare/
Shea, Dr. G., Fixler, A., 2022. Protecting and Securing Data from the Quantum Threat [Technical Note]. Foundation for Defense of Democracies. URL https://www.fdd.org/wp-content/uploads/2022/12/fdd-ccti-protecting-and-securing-data-from-the-quantum-threat.pdf
Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses cybersecurity first principle strategies with CJ Moses, CISO of AWS.

Howard, R., 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Wiley. URL https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/1394173083
Staff, 2022. AWS Security Profile: CJ Moses, CISO of AWS [Bio]. Amazon Web Services. URL https://aws.amazon.com/blogs/security/aws_security_profile_cj_moses_ciso_of_aws/
Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, formerly the CyberWire, discusses how to apply the cybersecurity first principle strategy of zero trust to commercial applications and in-house software development. Chris Niggel, Okta Field CSO, joins him for the discussion.

Howard, R., Bittner, D., 2023. What is data centric security and why should anyone care? [Podcast]. The CyberWire. URL https://thecyberwire.com/podcasts/cyberwire-x/46/notes
Howard, R., 2020. Your security stack is moving: SASE is coming [Podcast]. The CyberWire. URL https://thecyberwire.com/podcasts/cso-perspectives/1/notes
Rick Howard, The CyberWire’s Chief Analyst, CSO, and Senior Fellow, and the entire CyberWire team honor U.S. veterans on this Memorial Day.
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, discusses the cybersecurity workforce skills gap with N2K’s President, Simone Petrella, and what security leaders might learn from the movie “Moneyball” about training their team in the aggregate on first principles.
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Dan Gardner about his 2023 Cybersecurity Canon Hall of Fame book: “Superforecasting: The Art and Science of Prediction.”
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Nicole Perlroth about her 2023 Cybersecurity Canon Hall of Fame book: “This Is How They Tell Me the World Ends.”
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, and Andy Hall, Cybersecurity Canon Committee Member, discuss the 2023 Cybersecurity Canon Hall of Fame inductee “The Hacker and the State” by Ben Buchanan.
Chaos Engineering started in the mid 2000s. It was made famous by the Netflix engineering team through an internal tool they developed, Chaos Monkey, which randomly destroyed pieces of their customer-facing infrastructure, on purpose, so that their architects could understand resilience engineering deep in their core systems. But the concept is much more than destroying production systems to see what happens. It elevates regression testing to the level of the scientific method: controlled experiments designed to uncover unknown architectural weaknesses that could cause catastrophic failure. I make the case that the CSO should probably own that function.
The 2021 Colonial Pipeline ransomware attack: We can use cyber sand tables to enhance our cybersecurity first principle defenses, since the concept, in various forms, has been used by military commanders, coaches, and athletes since the world was young. This show puts the Colonial Pipeline hack on the cyber sand table to see what might have been done differently.
Since the early 2000s, most infosec practitioners have agreed that a public/private partnership to share threat intelligence is a cybersecurity first principle tactic. From the first CERT in the late 1980s to the CISA Shields Up program this year (2022), the community has come a long way, but it is safe to say that there is much room for improvement. In this Rick the Toolman episode, we discuss the history and current state of information sharing and where it needs to go in the future.
Zero trust is a cybersecurity first principle strategy. Key to deploying a robust program is the Identity and Access Management (IAM) tactic. The old perimeter defense model, designed in the 1990s, let good guys (and bad guys) through the perimeter before IAM policy was validated, which seems ridiculous in hindsight. The newer model, Software Defined Perimeter (SDP), is not as well known but is probably a better design. In this episode, Rick Howard discusses the history and current state.
In 1995, AT&T patented the idea of two-factor authentication (2FA). They said that to identify an authorized user, a system needed to check at least two of three factors: something they have, something they are, or something they know. But the early systems were clunky, hard to manage, and used only in environments that needed the most security. Today, the industry has come a long way and there are several choices for 2FA, some more secure than others: SMS, email, authenticator soft tokens, push, and Universal 2nd Factor (U2F). In this show, we talk about how each works and the relative security merits of each.
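As an added worked example (editor's code, not part of the episode notes or any N2K material), here is the mechanism behind the "authenticator soft token" option above: the HOTP/TOTP algorithms from RFC 4226 and RFC 6238, which Google Authenticator-style apps implement. The generator side is what the phone app does; the verifier side shows the two details a practitioner cares about, a clock-drift window and a constant-time comparison. The secret below is the RFC 6238 Appendix B test key, used only so the output can be checked against the published vectors.

```python
"""RFC 4226 HOTP / RFC 6238 TOTP: the math inside an authenticator soft token."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                       # low nibble of the last byte selects a 4-byte window
    dbc = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF   # 31-bit dynamic binary code
    return str(dbc % (10 ** digits)).zfill(digits)  # keep leading zeros: "007081" is a valid code


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """RFC 6238: HOTP whose counter is the number of `step`-second intervals since the epoch.

    This is why a soft token needs no network: both sides derive the counter from the clock.
    """
    return hotp(secret, unix_time // step, digits, digestmod)


def verify_totp(secret: bytes, submitted: str, unix_time: int, window: int = 1,
                step: int = 30, digits: int = 6, digestmod=hashlib.sha1) -> bool:
    """Server-side check tolerating +/- `window` time steps of phone/server clock drift.

    hmac.compare_digest prevents leaking how many leading digits matched via timing.
    The caller must still rate-limit: a 6-digit code has only 10**6 values per step,
    and a shared secret (unlike a U2F key pair) can be phished along with the code.
    """
    if len(submitted) != digits or not submitted.isdigit():
        return False
    counter = unix_time // step
    matched = False
    for delta in range(-window, window + 1):
        # Evaluate every candidate rather than returning early, so timing does not
        # reveal which step (if any) matched.
        matched |= hmac.compare_digest(hotp(secret, counter + delta, digits, digestmod), submitted)
    return matched


# RFC 6238 Appendix B test secret (ASCII "12345678901234567890"). Real deployments
# generate a random per-user secret and hand it to the app as base32 in an otpauth:// URI.
RFC_TEST_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print(hotp(RFC_TEST_SECRET, 0))                                   # RFC 4226 vector: 755224
    print(totp(RFC_TEST_SECRET, 59, digits=8))                        # RFC 6238 vector: 94287082
    print(verify_totp(RFC_TEST_SECRET, "94287082", 89, digits=8))     # previous step, inside window
    print(verify_totp(RFC_TEST_SECRET, "94287082", 120, digits=8))    # two steps old, rejected
```

The drift window is the usual trade-off: a window of one step (30 seconds either side) keeps users with slightly wrong phone clocks working while only tripling an attacker's per-guess odds. What this code cannot do is resist a real-time phishing proxy, because the code is just a number the user types wherever they are asked; that is the property U2F adds by having the authenticator sign a challenge bound to the site's origin.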
Single Sign-On (SSO) in the real world is complicated and messy, and how we got here is a byzantine maze of innovation and standards that has taken years. But if zero trust is the first principle strategy we are all trying to pursue, getting Identity and Access Management (IAM) right is the most important tactic, and SSO is one piece of the IAM puzzle. Rick summarizes the history and current state of Single Sign-On, with some Rick the Toolman thrown in.
One way to reduce software supply chain risk is with a concept called a Software Bill of Materials (SBOM). Standards bodies have been slowly working in the background for the past decade to move this concept into reality. On this episode, Rick Howard discusses the current state of SBOMs, and throws in some Rick the Toolman as well.
In order to understand the current state of the cybersecurity landscape, you must understand the history of how we got here. Rick summarizes that history along several threads: firsts, adversary playbook names, government, commercial and academic entities, important papers and books, people, law, technologies, tools, and strategies and tactics.
Comments (1)

Robert Hale

Ensuring robust cybersecurity involves adhering to security compliance and embracing first principles. By integrating these principles, organizations can fortify their digital infrastructure against evolving threats. A crucial step in this journey is achieving ISO 27001 certification, a process facilitated by experts at https://nicolsonbray.com/services/strategy-governance-certification/iso-27001-consultancy. This consultancy service navigates businesses through the intricacies of ISO 27001, fostering a secure environment rooted in industry best practices and standards.

Nov 20th