
Pwned: The Information Security Podcast

Author: Justin Fimlaid

Subscribed: 65
Played: 1,119

Description

Pwned is a weekly information and cyber security podcast addressing real-world security challenges. Occasionally funny, always informational, and driven by those who live and breathe security. Each episode we dive into the latest and greatest in technology, security frameworks, best practices, and how-tos. We’ll chat with industry leaders to learn how they got to where they are, what they see coming, and how they learned from their mistakes.
114 Episodes
In this episode of Pwned, BlackCat rises from the grave for another life full of ransomware attacks; this time targeting a healthcare organization, Change Healthcare, for a whopping $22 million. Join Justin and Jack as they look through the facts and speculate that BlackCat may not be who they say they are.

If you have any questions or suggestions, send us an email at pwned@nuharborsecurity.com. For general information, you can reach us at info@nuharborsecurity.com. If you like our content, please like, share, and subscribe! We’ll catch you on the next one.

Check out NuHarbor Security for complete cybersecurity protection for your business and a security partner you can trust.
Website: https://nuharborsecurity.com
Facebook: https://www.facebook.com/nuharbor/
Twitter: https://twitter.com/NuHarbor
LinkedIn: https://www.linkedin.com/company/nuharbor
Instagram: https://www.instagram.com/nuharborsecurity/
It’s a first, with Jack going solo, and the subject is a set of 8 recent recommendations from senior IT and security leaders at the recent e.Republic/Center for Digital Democracy Beyond the Beltway show. Panels of executives described their experience with successful security and technology communications, and Jack interprets and applies these for our Pwned cybersecurity audience. It’s a rare view into the minds and reactions of the kind of leaders that we know are fundamental to the success of any security strategy.

Check out these links:
e.Republic: https://www.erepublic.com/
Beyond the Beltway: https://events.govtech.com/Beyond-the-Beltway-2024.html#/agenda
Center for Digital Government: https://www.govtech.com/cdg

Key takeaways:
00:00 – Title Sequence
00:25 – Introduction
02:48 – Know the Plan
03:58 – Bring Objective Data
05:02 – Speak to All
06:05 – Find the Baseline
07:45 – Upskill My Team
10:11 – Everything is Relative
11:50 – Bring the Value
13:10 – Prepare for Change
14:27 – Recap
Justin Fimlaid and Jack Danahy are talking about the recent 26.6B records found exposed. While the records are mainly old, the Pwned perspective is always new. Listen in for some history, some discussion of other expert views like Troy Hunt and others, and a perspective on whether this Mother of All Breaches may in fact be more of a news story and less of a new story.

View Troy's article: Troy Hunt: The Data Breach "Personal Stash" Ecosystem
View the original MOAB post: Mother of All Breaches: a Historic Data Leak Reveals 26 Billion Records | Cybernews

Key Takeaways:
00:00 – Title Sequence
00:45 – Introduction to topic: Mother of All Breaches
02:24 – Public Reaction
03:42 – Where Did the Records Come From?
05:28 – Mystery Leads to Uproar
08:25 – Biggest Takeaway From the Breach
10:53 – Making Improvements, But Still a Long Way to Go
13:13 – Complex Passwords and Password Vaults
15:40 – AI-Generated Code
18:00 – Summary
It’s been over two years since the team examined the overuse and increased malleability of the term “XDR” and were forced to sentence that term to the Pwned terminology dungeon, the “Pit of Despair”. Well, times change, and our intrepid topical explorers are seeing signs that a reexamination is deserved, as XDR is becoming more understood, and Managed XDR (MXDR) is now a reality. Join Justin Fimlaid and Jack Danahy in this episode of Pwned as they carefully pull MXDR out of the "Pit of Despair" by the suspenders. The guys explore and wade through the industry jargon that has complicated views of threat detection and response technology and services, and ultimately, make the rescue.

Check out the original episodes where they were placed into the Pit:
Pwned GigaByte - The pit of despair (nuharborsecurity.com)
Voldemort (XDR) Spawns New Death Eaters (mXDR) (nuharborsecurity.com)

Key Takeaways:
00:00 – Title Sequence
00:30 – Introduction
03:18 – Term reveal
05:28 – Notable changes in the last two years
08:45 – Has XDR manifested itself into reality?
13:49 – The history/origins of XDR
17:00 – Jack’s rebuttal
21:58 – Wrap up
In honor of releasing the 2023-2024 SLED CPR, Justin and Jack take a walk down memory lane and discuss their predictions from the 2022 CPR, and how they fared in 2023. Have all 5 predictions panned out the way the duo thought, or did some fall short? Tune in to find out.

Check out our annual SLED CPR.

Key Takeaways:
00:00 – Title sequence
00:27 – Introduction to topic
01:15 – Prediction 1: Back to basics
04:45 – Prediction 2: Teaming up
06:03 – Prediction 3: Staying on top
08:30 – Prediction 4: Election-driven urgency
10:27 – Prediction 5: States Will Lead Private industry to new models of security
In this episode, Justin and Jack are giving a sneak preview of this year’s SLED Cybersecurity Priorities Report. It’s all fresh off the presses and the team is giving a birds-eye view of the process, focus, and conclusions that the CPR is bringing to (and from) State, Local, and Higher Education leaders.
The Pwned podcast leaps into 2024 with Justin Fimlaid and Jack Danahy talking about what they were seeing at the end of 2023, some ideas on improving for 2024, and some new ideas around understanding more about predicting breach impact and exposure. The guys are looking at some new ideas like improving attack simulation, increasing visibility, and the potential application of new approaches like synthetic malware and attack campaigns. One of the results is a new Pwned term of art, based in a need to focus on "Defense in Breadth" over the tradition of "Defense in Depth" of days gone by. All of this drives a conversation ranging from cyber insurance to the value of the next cybersecurity dollar spent. It's a great way to wrap up 2023 with Pwned and jump into the hopeful potential for 2024.

Key Takeaways:
00:00 – Title sequence
00:24 – Introduction
01:35 – Recommendations for starting out 2024
02:15 – One small gap can lead to catastrophe
03:56 – New year, new approaches
05:00 – Prediction: Synthetic Testing
08:35 – Potential for better insurability and dollar spend/investment
11:23 – Jack’s JIE: Justin Inspired Epiphany: Defense in Breadth
13:18 – Impacts against the business during and after an attack
16:25 – Summary
Well-known public sector executive advisor, Curt Wood, joins the team to talk about the role of the Cybersecurity and Infrastructure Security Agency (CISA), statewide cybersecurity, and the complex responsibilities of leaders as they understand and integrate multiple communities in their cybersecurity planning. As former executive secretary and CIO for the Commonwealth of Massachusetts and the current executive director for the 2023/2024 SLED Cybersecurity Priorities Report (CPR), Curt is going broad and deep with Justin Fimlaid and Jack Danahy on the changing nature of threat intelligence, interagency communications, and establishing a leadership position for cybersecurity.

View the CISA website
Download the CPR
In the second part of our series on Federal AI proclamations, Justin and Jack make a point-by-point assessment of the Federal view on inalienable protections from AI misbehavior. If you’re concerned with AI’s incursions into everyday life or are interested in understanding whether our leaders have a grasp on the issues, this is an episode you can’t miss. AI is complicated. Cybersecurity is complicated. Political language is complicated. Your Pwned team is here to make things understandable. Tune in and find out.

Check out the resources and references mentioned in this episode:
Blueprint for an AI Bill of Rights
Episode 188 - Safe, Secure, and Trustworthy. Pwned on the President's AI Executive Order
Episode 182 - The Next AI Episode - With Diana Kelley!

Key Takeaways:
00:00 – Title Sequence
00:22 – Introduction to the topic
01:47 – Safe and Effective Systems: What Exactly Does That Mean?
10:22 – Algorithmic Discrimination Protections: Put the Human in the Loop
14:29 – Data Privacy: Understanding the Cost of Using Services
20:05 – Notice and Explanation: Responsibility of Data Exposure
22:05 – Human Alternatives, Consideration, and Fallback: Why? Because the Algorithm Says So
24:23 – Closing Statements
In this episode, Justin and Jack are reviewing the recent presidential executive order on AI. While there are plenty of good ideas in the mix, the team is taking some time to examine their feasibility, their value, and their likelihood of execution in our current, fast-paced, AI environment. Stay tuned for part two on the Blueprint for an AI Bill of Rights!

Check out the resources we referenced in this episode:
FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence
Episode 176 - Outcomes, Prescriptions, and Presidential Policy

Key Takeaways:
00:00 – Title Sequence
00:27 – Topic Introduction
01:16 – What is the Fact Sheet?
01:44 – Software Security
04:43 – New Standards for AI Safety and Security
14:46 – Protecting Americans’ Privacy
18:27 – Advancing Equity and Civil Rights
21:06 – Supporting Workers: Adapting to New Innovations in the Workplace
26:43 – Recap and Positive Note
Following Justin's work with members of the press on the recent Kansas City court system ransomware shutdown, he and Jack are talking about the potential impacts and repercussions of increasing cyberattacks against the judiciary. There are issues of timely judgements, sealed records, even courts paying criminals, as the Pwned team judges the situation and brings some new evidence to the discussion of causes and prevention.

See Justin in the press: https://www.wibw.com/2023/10/19/cybersecurity-expert-explains-issues-facing-kansas-courts-they-remain-offline/

Key Takeaways:
00:00 – Title sequence
00:22 – Introduction
00:51 – Incident Details
01:42 – Courts shut down: back to basics
04:10 – Chain of custody in the event of a ransomware attack?
05:13 – Justin’s press presence: analogies
06:48 – Courts paying criminals?
07:18 – ETA for opening the courts
09:32 – Targets and motivation
11:23 – Are attackers getting all information, or are there barriers for information that should be protected?
14:04 – CJIS
16:15 – Digitizing paper files for security
17:20 – Recap
Following a listener request, Justin Fimlaid and Jack Danahy are talking about successful paths forward when a CISO finds themselves in a role that’s a little larger than they expected, or an organization has a well-meaning CISO that needs a little more time to get it right. This happens all the time, and it doesn’t have to end with burning out or throwing out an otherwise capable executive. If you find yourself in that oversized chair, sit back and give a listen.

Helpful links:
The Hunt for the Super CISO Part 1
The Hunt for the Super CISO Part 2
CISO Job Description Download
Following well-publicized comments from Zurich Insurance CEO Mario Greco on the potential demise of cyber insurance, Justin and Jack are digging deep. They describe the challenge to insurers, the potential for unlimited liability, and propose a new and more intentional model that benefits insurers, clients, and the CISOs involved. It’s a new take on a thorny problem, with lessons for all players.

Links:
Are Cyber Attacks Uninsurable?
World Economic Forum 2020 Grim Insurance Predictions
On a lighter note: Whisky Home – Old Forester | First Bottled Bourbon™
In this last episode of PWNED Season 3, Justin and Jack are paying off the year’s debts from infractions against the Pit of Despair, while analyzing a BlackHat announcement by a leader in the market. There are debts to be paid, and there’s a striking new example of the old security tendency to obscure, over-the-top messaging. The season is going out with a bang, and it looks like Season 4 will start with a blank slate but a full list of issues to watch for.

As mentioned in this episode, check out the Security Bullshit Generator!
After much work and a little fanfare, the 2022 SLED Cybersecurity Priorities Report has been publicly released. Justin and Jack are giving a quick overview of the findings, along with their usual, and unavoidable, take on some of the results. For those of you who have participated in the research or have been following the lead-up to this day, you’ll be glad to hear that the result does not disappoint.

Here’s the announcement: SLED Leaders Find Roadmap for 2023 Success in Groundbreaking Report From NuHarbor Security | Business Wire
And here’s the CPR: https://info.nuharborsecurity.com/2022-sled-cpr
In this episode of PWNED, Justin springs an unexpected topic, based on his deep affection for social media. Seeing a post from a security leader who feels he has been unfairly held accountable by his company, he’s bringing it to the podcast. We’ve got victimhood, CISO expectation setting, transparency, and disappointment, all in one episode as Jack and Justin take this common feeling apart.

As referenced in this episode, you can find the book, “Can’t Hurt Me”, by David Goggins here: Can’t Hurt Me, David Goggins
Checked Out

2022-11-22 16:41

Following the news that Twitter, now owned by Elon Musk, is charging users for a “blue check” next to their name — an icon that once signaled a verified and authentic user, Justin and Jack discuss the cybersecurity implications behind this new phenomenon, and clear away the confusion and chaos that comes with it.
In this RightSwipes episode of Pwned, Justin and Jack start with an analysis of the recent CrowdStrike acquisition of Reposify, and while they may not agree on the love match, it starts an interesting new debate on “Best-in-Breed” versus “Combined Value” players in cybersecurity. It’s an important point of inflection for companies, and maybe for the cybersecurity market, so listen in.
In this final episode with Justin and Jack speaking to a group of state security leaders, the PWNED team is talking about a series of topics from new, more successful awareness campaigns to the challenges of avoiding being a target in the first place. This entire session is driven by audience questions, and you may hear one that you’d have asked were you there.
In their second episode in front of a group of public sector tech execs, Justin and Jack are talking about the challenge and risks of application security, including the cascading exposure from supply chain vulnerabilities like log4j. They also spend some time talking about the attack trend towards automation and the ubiquitous threats that indiscriminately target organizations regardless of size or specialty. It’s another episode driven by listener questions and current events, with a focus on the impact to mid-sized organizations and those who serve through the SLED community.