Claim OwnershipIANS Information Security Podcast
Subscribed: 358Played: 1,115
Subscribe
© Copyright 2019 IANS. All rights reserved.
Description
Infosec news and views featuring interviews with expert faculty from IANS.
41 Episodes
Reverse
This week we're joined by Rapid 7 founder and new IANS Faculty member Chad Loder to discuss the changing vulnerability scanning and management landscape and the need for more holistic, better integrated security awareness programs. Chad and I also touch on the goings on at last week's Blackhat and DEF CON events and talk about ways CISOs can improve their stature -- and their value prop -- within their organizations.
IANS Faculty Mark Clancy hops on the broadcast this week for a no-nonsense analysis of this week's global Petya-like ransomware attack. Mark brings his decades of experience as a security consultant, enterprise defender and threat intelligence expert to this discussion of the evolution of cyber-weapons, the limitations of real-time incident response and the tough choices teams make to balance protections and productivity.
It's dangerous world out there, and guys like Jon Condra are here to help us make sense of it. The Director of East Asian Research and Analysis at risk and threat intelligence firm Flashpoint, Jon joins me this week to talk about the recent Flashpoint Business Risk Intelligence Decision Report he authored and share his insights on emerging threats from Russia, China, North Korea and a host of other international bad actors.
After a busy week in infosec, we needed help sorting the wheat from the chaff. Enter IANS most prolific and acerbic faculty member, Dave Shackleford, to deliver the smackdown of truth on proposed updates to the ubiquitous NIST Framework, the present and future states of ransomware in the age of WannaCry, and the real value of President Trump's new cybersecurity executive order.
Special Guest David Dewey, head of research at Pindrop Security, drops by to talk about Pindrop's comprehensive report on the frightening state of call-center fraud. We discuss how phone fraudsters, aided by VOIP and other call-manipulation technologies, are costing large enterprises millions in account takeovers, fraudulent purchases and returns, bogus money transfers and the occasional mayhem just for the lulz.
If it's springtime in New England, it must be time for faculty member Kevin Beaver to join us on the podcast to examine the Verizon Data Breach Investigations Report better known as the DBIR. This week we dive into the 10th annual report and talk about what the findings say about our seeming inability to eradicate even basic security shortcomings like lousy passwords, porous web apps and our insatiable penchant for clicking on stuff. Any stuff. Kevin and I also spend a few minutes talking about the Trump administration's efforts to improve security in federal government agencies and departments. And Kevin tells us why his passion for racing souped-up Mazda Miatas maybe isn't so crazy after all.
The IANS Podcast hits the road this week, meeting up with cloud expert and presentation powerhouse George Gerchow at our Washington DC Forum for a wide-ranging discussion of all things enterprise cloud security. George shares insights into the white-hot Cloud Access Security Broker (CASB) market, and dishes on behind-the-curtain action at the Big 3 cloud providers. George also dives into SecDevOps, and talks about the need for coding savvy for infosec leaders in the new "security as code" world. He also shares how his other life pursuit as an accomplished musician informs his work as an information security thought leader.
This week, IANS Faculty Raffy Marty stops by to dish on the buzz -- and the hype -- surrounding machine learning and artificial intelligence in security. The VP of all things analytics at Sophos also talks improvements in visualization, trends in endpoint protection, and the need for better asset inventories and data classification in today's enterprises.
Well-known IT security and services expert Lawrence Walsh joins me this week to share his deep insights for vetting and working with managed security services provider (MSSPs) in a variety of settings. Larry and I also share a wide-ranging discussion of infosec industry trends, hits and misses from the recent RSA Conference, and the impact of the Trump administration on the tech sector.
This week I'm joined by IANS faculty member and Incite Learning founder Dr. David C. Kolb to talk about his popular series of organizational engagement and leadership skills courses now in their second year at the IANS Information Security Forums. David shares his thoughts on new sessions for 2017 targeting negotiation skills and the ability to thrive in the chaos that defines most infosec environments. We also get in some Super Bowl talk and discuss how David's years as an outdoorsman and Outward Bound program leader have informed his work helping corporate executives hone their soft skills.
This week, Securosis founder and CEO Rich Mogull joins us to elaborate on his popular new blog series "Tidal Forces: The Trends Tearing Apart Security as We Know It." The thought-provoking articles, which will form the basis of Mogull's RSA talk next month, focus on fundamental changes in the nature of endpoints and the grand transformation toward cloud-based, as-as-service IT delivery. These changes, Mogull posits, are inflection points that will roil the multibillion dollar IT security market and require a significant rethinking of infosec by both vendors and practitioners.
The always-entertaining Joff Thyer of Black Hills Information Security shares his insights on threat hunting in the enterprise and gives advice on how information security leaders and teams can get maximum benefit from penetration tests -- from preparation and documentation to teaching moments and after-action items. We also take on more Yahoo! follies, the ongoing drama that is vendor vulnerability reporting, and the OTHER Russian hack -- the Methbot criminal enterprise stealing millions in video advertising revenues.
IANS faculty infosec experts Marcus Ranum, Dave Kennedy and Aaron Turner join me for a special edition of the IANS Information Security Podcast to discuss the recent DHS-FBI report attributing election-season hacking to Russian state-sponsored actors. We talk about the quality of the government's evidence in the matter and examine ways private-sector security professionals might be able to leverage the report's indicators of compromise to bolster their network defenses... or not.
Well-known security researcher and IoT expert Chris Poulin joins me this week to discuss the real issues around securing connected devices and embedded systems. Chris also talks about the challenges of increasingly connected automobiles and shares his optimistic view of Internet of Things as a beneficial platform for innovation.
Prolific IANS faculty member Aaron Turner brings his broad infosec expertise and sharp commentary to the 'cast this week on subjects ranging from the scourge of ransomware to the death of Microsoft's EMET. Aaron also addresses the sorry state of PIM/PAM in the enterprise, our failings in mobile device management and gives us a sneak peek at his Internet of Criminal Things talk at next year's RSA Conference.
Faculty member Kevin Johnson brightens the podcast studio this week for a rollicking conversation about incident response, penetration testing, and the value of business acumen for security leaders. A dedicated Star Wars fanatic, Kevin also talks about his charity work, including an upcoming 5K for the Arthritis Foundation that he'll "run" in full Darth Vader gear. If you want to help Kevin and his team raise a few bucks for a great cause, go here.
IANS Senior Faculty Dave Shackleford joins the 'cast this week to talk about global DDoS threats, password policy problems, privileged credential management and the rising popularity of defensive threat-hunting efforts. Dave also shares his plans for presenting advanced web app pen testing techniques at IANS first-ever London symposium next month.
The inimitable Hacking Dave himself, IANS Faculty member Dave Kennedy, joins us this week to talk about the recent password follies, ethical issues around vulnerability disclosures, and his advice for effective penetration testing and purple teaming. Dave also shares insights into the hyper-positive culture and vibe of DerbyCon and talks about witnessing the big win last June of his hometown Cleveland Cavaliers.
On the show this week, IANS faculty member Ken Van Wyk talks NSA vs. Shadow Brokers and shares his approach to crafting effective incident response exercises. Ken also tells us how he helps organizations tackle the elusive art of threat modeling in the enterprise. Also joining us this week, social media expert Ginger Stevenson on IANS efforts to engage clients and faculty on Twitter and LinkedIn.
Security journalist, analyst and pundit Paul Roberts joins the IANS Podcast this week to talk about the state of security in all things connected and embedded. The editor of The Security Ledger also gives us a preview of the agenda for the 3rd Annual Security of Things Forum next month. Keep up on IoT security news and views at Paul Robert’s The Security Ledger Check out the upcoming 3rd Annual Security of Things Forum on Sept. 22
Comments
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
Download from Google Play
Download from App Store
United States