The SecureWorld Sessions

Cybersecurity weekly podcast series featuring industry thought leaders discussing security solutions, best practices, threat intel, and more. Our primary topics within InfoSec include: Application Security; Artificial Intelligence; Blockchain; Career Development; Cloud Security; Encryption / DLP; Endpoint / Mobile / IoT Security; GRC; Incident Response / SIEM; Identity and Access Management; Network Security; Privacy; Ransomware / Malware; and Security Awareness.

BEC: Real Stories, Real Defense

Business Email Compromise (BEC) remains rampant, with annual losses in the billions of dollars. Every type of organization is at risk. During this episode, we discuss key things your organization and people should know about this cybercrime, plus the most effective way to respond in hopes of recovering some of the losses. Our two guests are with the United States Secret Service: •  Stephen Dougherty, Financial Fraud Investigator, Global Investigative Operations Center •  Michael Johns, Assistant Special Agent in Charge Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Check out their cyber mercenary report (very in-depth) below. Resource Links: •  New Trend Micro report, "Void Balaur: Tracking a Cybermercenary's Activities": https://documents.trendmicro.com/assets/white_papers/wp-void-balaur-tracking-a-cybermercenarys-activities.pdf •  Stephen Dougherty on LinkedIn: https://www.linkedin.com/in/doughertysteve •  SecureWorld conferences: https://www.secureworld.io/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

12-07
33:30

A Cyber Mercenary Investigation

What is a cyber mercenary group and who are they attacking through cyberspace? In this episode, Feike Hacquebord, Sr. Threat Researcher at Trend Micro, reveals extensive details of a cyber mercenary group he has been tracking for more than a year, which he calls Void Balaur. "They target a lot of doctors… they are sending phishing emails to target senior engineers working for phone companies, they are targeting banks, as well. And all of these targets have one thing in common: they have a lot of personal data on people," Hacquebord says. The group is also going after activists, political leaders, and journalists. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Also, check out the cyber mercenary report (very in-depth) below. Resource Links: •  New Trend Micro report, "Void Balaur: Tracking a Cybermercenary's Activities": https://documents.trendmicro.com/assets/white_papers/wp-void-balaur-tracking-a-cybermercenarys-activities.pdf •  Trend Micro Sr. Threat Researcher Feike Hacquebord: https://www.linkedin.com/in/feike-hacquebord-33902b5/ •  SecureWorld conferences: https://www.secureworld.io/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

11-17
36:37

The Cybersecurity Talent Pipeline Problem

This discussion on the cybersecurity talent pipeline problem is unlike any other you have heard before. And you and your organization could play a part in growing the future of the cybersecurity workforce. We're talking with the founders of the Last Mile Education Fund: •  Rian Walker, Information Security Analyst, Financial Sector •  Sarah Lee, Director, School of Computing Sciences and Computer Engineering, University of Southern Mississippi •  Ruthe Farmer, CEO & Founder, Last Mile Education Fund Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Resource Links: •  Last Mile Education Fund: https://www.lastmile-ed.org •  Trend Micro initiative, Cybersecurity Education for Universities: https://www.trendmicro.com/internet-safety/university •  Trend Micro's "Linux Threat Report 2021": https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-threat-report-2021-1h-linux-threats-in-the-cloud-and-security-recommendations •  SecureWorld conferences: https://www.secureworld.io/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

11-04
40:22

Cybersecurity Brain Hacks and Big Ideas

Can brain hacks and cybersecurity habits improve the security posture at your organization? CISO George Finney of Southern Methodist University believes the answer is yes and he makes his case in this episode. Also, here's a big idea: cybersecurity doesn't slow down digital transformation, it speeds it up. Gigamon CTO Shehzad Merchant explains how and looks at Big Data and its underpinning technologies. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Resource Links: •  Take George Finney's cybersecurity personality test: https://wellawaresecurity.com/cyber-personality-test •  Connect with Shehzad Merchant on LinkedIn: https://www.linkedin.com/in/shehzad-merchant-1674b8 •  Trend Micro "Linux Threat Report 2021": https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-threat-report-2021-1h-linux-threats-in-the-cloud-and-security-recommendations •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

10-27
42:00

Emergency Response Lessons for Cybersecurity

Andrew "AJ" Jarrett is Applied Cybersecurity Program Manager at the Cyber Readiness Center (CRC) and Texas A&M Engineering Extension Service (TEEX). He's been a wildland firefighter for more than a decade and believes Emergency Response frameworks that save lives can apply to cyber incident response and IT security to help protect organizations. He believes this can help make information security better. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Resource Links: •  Trend Micro's "Linux Threat Report 2021": https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-threat-report-2021-1h-linux-threats-in-the-cloud-and-security-recommendations •  Connect with Andrew Jarrett on LinkedIn: https://www.linkedin.com/in/andrew-jarrett-tx •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

10-22
38:07

Cybersecurity Inflection Point?

Ed Cabrera is the former CISO of the United States Secret Service and current Chief Cybersecurity Officer at Trend Micro. He believes we are at an inflection point in cybersecurity and is cautiously optimistic. During this conversation with SecureWorld, Cabrera also discusses ransomware, cryptocurrency, threat intelligence, cyber insurance, and more. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner. Resource Links: •  Trend Micro "Vision One": https://www.trendmicro.com/en_us/business.html •  Follow Ed Cabrera on Twitter: https://twitter.com/ed_e_cabrera •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

10-13
35:00

Cyber Resilience, the Game Show

In this SecureWorld Sessions podcast bonus episode, three Chief Information Security Officers play a game show around modern cyber resilience. What is cyber resiliency, how do you align it with business objectives, and is it possible a unicorn won this battle of the CISOs? Contestants include Ricardo Lafosse, CISO, The Kraft Heinz Company; Michael Boucher, Americas CISO, JLL; and Glenn Kapetansky, Interim CISO, University of Chicago Medical Center, and CSO, Trexin Group. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner and providing new research for this episode. Resource Links: •  Trend Micro report, "Attacks from All Angles: 2021 Midyear Cybersecurity Report": https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/attacks-from-all-angles-2021-midyear-security-roundup •  Ricardo Lafosse on LinkedIn: https://www.linkedin.com/in/ricardolafosse •  Michael Boucher on LinkedIn: https://www.linkedin.com/in/michael-boucher-55771a •  Glenn Kapetansky on LinkedIn: https://www.linkedin.com/in/kapetansky •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

10-07
40:39

Ransomware and the Secret Service

Our guest on this episode is Jeremy C. Sheridan, Assistant Director, Office of Investigations, at the United States Secret Service. We discuss the evolution of ransomware in cybercrime, including: advances in technology, cyber insurance, the cryptocurrency challenge, the sophistication of ransomware actors, and much more. Also, thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner and providing new research for this episode. Resource Links: •  Trend Micro report, "A Roadmap to Secure Connected Cars": https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/a-roadmap-to-secure-connected-cars •  Jeremey C. Sheridan, Assistant Director, Office of Investigations, U.S. Secret Service: https://www.linkedin.com/in/jeremysheridan •  United States Secret Service Cyber Investigations page: https://www.secretservice.gov/investigation/cyber •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

09-28
51:51

Creating a Security Culture

Princeton University implemented a multi-year program to create a culture of cybersecurity throughout campus. It has already made an impact on the organizational security mindset, including risk reduction, implementing new technologies, broadening security knowledge, and strengthening campus partnerships. In this episode, listen to David Sherry, CISO of Princeton University, and Tara Schaufler, Information Security Awareness and Training Program Manager. They share ideas, inspiration, and lessons learned that can help your organization. Also, thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner and providing new research for this episode. Resource Links: •  Trend Micro report, "A Roadmap to Secure Connected Cars": https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/a-roadmap-to-secure-connected-cars • David Sherry on LinkedIn: https://www.linkedin.com/in/davidsherry/ • Tara Schaufler on LinkedIn: https://www.linkedin.com/in/tarabrelsfordschaufler/ •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

09-09
49:31

Nation-State Cyber Threats: What Now?

What can organizations, the U.S. government, and everyday citizens do to stop the surge of ransomware and cyber threats hitting us from overseas? In this episode, we hear from retired Air Force Colonel Cedric Leighton. Leighton is a CNN military analyst who held cyber leadership positions while serving in the Air Force and currently runs the Cedric Leighton International Strategies consultancy. He explains the threats and motives of America's top nation-state cyber enemies. Plus, how we're thinking about the ransomware problem in the wrong way. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner and providing new research for this episode. Resource Links: •  Trend Micro report, "Earth Baku Returns," on the APT's new cyber espionage campaign: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/earth-baku-returns •  Col. Cedric Leighton on LinkedIn: https://www.linkedin.com/in/cedricleighton/ •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

09-01
50:58

Suing the CISO

Are CISOs getting sued? Yes. Investors filed a lawsuit that specifically names the CISO of SolarWinds as a defendant. Is this the beginning of a trend to sue the Chief Information Security Officer after a cyber incident? #InfoSec twitter reacts, and so do the experts on today's podcast: Rebecca Rakoski is co-founder and Managing Partner of XPAN Law Partners, and Glenn Kapetansky is Interim CISO at the University of Chicago Medical School and CSO at Trexin. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner, and for providing new research for this episode after analysis of millions of Linux security events. Resource Links: • SecureWorld News story, "Suing the CISO: SolarWinds Fires Back": https://www.secureworld.io/industry-news/ciso-lawsuit-solarwinds •  Trend Micro's Linux Threat Report 2021 1H: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-threat-report-2021-1h-linux-threats-in-the-cloud-and-security-recommendations •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

08-24
33:36

Season of Cybercrime: The Insider Threat

In this true cybercrime episode, we uncover the case of an insider threat scheme at an AT&T Wireless call center. Court documents reveal how rogue employees collected approximately $1 million in bribes. Plus, Dr. Larry Ponemon discusses the Insider Threat risk, and John Grimm discusses Insider Threat best practices. Resource Links: •  Trend Micro report, Risks in Telecommunications IT: https://www.trendmicro.com/en_us/research/21/g/risks-in-telecommunications-IT.html •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

08-10
22:35

Season of Cybercrime: Exploring the Dark Web

In this true cybercrime episode, we interview Myra Rosario-Fuentes, Senior Threat Researcher at Trend Micro, who just completed an in-depth, two-year research project on Dark Web markets, especially those selling exploits that hackers use to take advantage of security holes in networks and devices. How much is a Zero Day exploit worth on the Dark Web? How did COVID-19 impact cybercriminals on the Dark Web? Also, we discuss access-as-a-service on the Dark Web, the latest on ransomware operators and affiliate programs, and more. Resource Links: •  New Trend Micro Report, "The Rise and Fall of the N-day Exploit Market in Cybercriminal Underground": https://newsroom.trendmicro.com/2021-07-13-Nearly-a-Quarter-of-Exploits-Sold-on-Cybercriminal-Underground-Are-More-Than-Three-Years-Old •  Myra Rosario-Fuentes on LinkedIn: https://www.linkedin.com/in/mayra-rosario-fuentes •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

08-03
32:35

Season of Cybercrime: W.H.O. Cyberattack

In this true cybercrime podcast episode, we interview Alexander Urbelis, cyber attorney and threat intelligence expert, who uncovered a cyberattack against the World Health Organization at the start of the coronavirus pandemic. Resource Links: •  Trend Micro phishing and ransomware white paper: https://resources.trendmicro.com/rs/945-CXD-062/images/Reduce-Phishing-Ransomware_Trend-Micro.pdf •  Alexander Urbelis on LinkedIn: https://www.linkedin.com/in/alex-urbelis-25aaab1/ •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

07-20
37:08

Season of Cybercrime: SeaWorld Cyberattack

In this true cybercrime episode, we interview Cam, who was arrested for hacking when he was 14 years old. One of his focused cyberattacks was against SeaWorld San Diego. Now, he works as a cybersecurity professional. How did he get into cybercrime and then into a role defending against it? It all started with gaming. Resource Links: •  Trend Micro's Close the Gap program: https://www.trendmicro.com/closethegap •  Trend Micro's Zero Day Initiative: https://www.zerodayinitiative.com •  SecureWorld conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

07-13
21:42

Cybersecurity Workforce Development at Scale

How can we scale up the development of our collective cybersecurity talent pipeline, and what role can you play in this? How can your organization help develop talent? How can your alma mater or current university play a part in this? Hear about a model for this kind of work underway through partnerships at New York University Tandon School of Engineering. Our expert panelists: 1. Geoff Brown, CISO, City of New York, and Head of NYC Cyber Command 2. Liat Krawczyk, Assistant Vice President of the New York City Economic Development Corporation 3. Nasir Memon, Vice Dean at NYU Tandon, and Founder of NYU's Cybersecurity Program 4. Jim Routh, Former CISO at Mass Mutual, Aetna, and other enterprises 5. Joel Caminer, Sr. Director of Cybersecurity Education, NYU Tandon Resource Links: •  Trend Micro special supported SCORE program: https://www.score.org/technology-resources • NYU Tandon Cybersecurity Program: https://cybersecurity-strategy-masters.nyu.edu/landing-page •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

06-29
52:08

State CISO Discussion: Future of Security

Listen in as U.S. state cybersecurity leaders discuss key topics: •  coming year priority projects •  the ransomware surge and preparing for security incidents •  their organization's security culture and training to deal with issues •  innovative, special projects they are most excited about moving forward Featured presenters on this podcast panel: •  Vinod Brahmapuram, CISO, State of Washington •  Deborah Blyth, CISO, State of Colorado •  Maria Thompson, former Chief Risk Officer, State of North Carolina •  Moderated by Dan Lohrmann, CSO, Security Mentor, and former CSO, State of Michigan Resource Links: •  Trend Micro CISO resource portal: https://www.trendmicro.com/en_us/business/campaigns/art-of-cybersecurity/ciso.html •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

06-22
51:09

Ransomware Incident Response Lessons

Nancy Rainosek is the Chief Information Security Officer (CISO) for the State of Texas. She knows all about ransomware incident response. Her team played a key role in remediation after a coordinated ransomware attack hit 22 state agencies in Texas in a single day. 1. What was that ransomware day like for Rainosek and her team? 2. Was there a common vulnerability among the attacked agencies? 3. What did Texas learn during the ransomware attack that can help your organization now? Resource Links: •  Trend Micro special report on ransomware: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/modern-ransomwares-double-extortion-tactics-and-how-to-protect-enterprises-against-them • Nancy Rainosek on LinkedIn: https://www.linkedin.com/in/nancy-rainosek-4144893 •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

06-15
39:16

AI and Our Future

Josh Jackson is Founder and Executive Director of the AI Association, which advocates for the furtherance of artificial intelligence and automation in the United States. In this wide-ranging discussion about AI, Jackson unpacks the following: 1. How should we define artificial intelligence? 2. Where is the intersection of cybersecurity and AI? 3. What does the AI arms race look like, and what about AI ethics? 4. What if your organization does not have an AI strategy? Resource Links: •  Trend Micro report on ICS Security:  https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/keeping-cyber-risk-under-control-spotting-and-thwarting-ics-threats •  Josh Jackson on LinkedIn:  https://www.linkedin.com/in/joshjacksonco •  SecureWorld virtual conferences:  https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

05-25
31:49

Outlaw Ransomware Payments?

Shawn Tuma is a nationally known "breach quarterback" or "incident response coach" who walks victimized companies through the fallout of a ransomware attack. In this episode, he discusses the following: 1. What stages do organizations and security teams experience during a ransomware attack? 2. Would making ransomware payments illegal disrupt this cybercrime business model? 3. Is the Colonial Pipeline cyberattack a watershed moment for security? Tuma is Co-Chair of the Cybersecurity & Data Privacy Practice Group at Spencer Fane LLP. Resource Links: •  Trend Micro special report, "What We Know About the DarkSide Ransomware and the US Pipeline Attack": https://www.trendmicro.com/en_us/research/21/e/what-we-know-about-darkside-ransomware-and-the-us-pipeline-attac.html • Shawn Tuma on LinkedIn: https://www.linkedin.com/in/shawnetuma •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events •  SecureWorld webinars, eSummits, and online training: https://www.secureworldexpo.com/resources?cat=remote-sessions The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization. Thank you to Trend Micro, a global leader in cloud and XDR security, for being our premier podcast partner.

05-18
33:51

Recommend Channels