mnemonic security podcast

Author: mnemonic


The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about.
34 Episodes
Security Assurance

Are we secure enough? Are we exposed? What are our key cyber risks? Our podcast guest this week is a veteran in the IT space in the financial sector, and has extensive experience communicating security posture to stakeholders. Erik Blomberg, CISO in the Swedish Handelsbanken, chats with Robby about what management really is wondering about, and how to communicate the value your security team is delivering to the organization. He also shares how he’s worked to translate tech terms into actual business value, and how the CISO role has changed in recent years.
Technical level: 1/5
Host: Robby Peralta
Producer: Paul Jæger

Morten and Robby recorded this session as part of their virtual presentation at the CERT-IS conference in Iceland last month. The episode is also available in video:
For this episode, Robby welcomes Morten Weea from mnemonic’s Threat Intelligence team. Morten is a PhD candidate researching decision-making in incident response and an experienced Incident Handler that often works with advanced persistent threats (APTs). Robby picks his brain about what actually goes down when a customer calls after realizing what shouldn’t have happened, has happened. Or even more importantly, what his advice is for organizations before a serious incident occurs. They also discuss when it’s appropriate to trigger a full-scale incident response, and what sort of incidents shouldn’t.
Technical level: 2/5
Host: Robby Peralta
Producer: Paul Jæger

Financial Cyber Crime

For this episode, we’re happy to have Sebastian Takle from the DNB Financial Cyber Crime Center (FC3) with us to share how one of the largest banks in the Nordics works with Threat Intelligence. Sebastian is Subject Lead for Threat Intelligence at FC3, and in his conversation with Robby he explains their threat actor centric approach to TI. We also get to hear what threat actors they are observing and are most concerned about, and the importance of identifying who.
Technical level: 1/5
Host: Robby Peralta
Producer: Paul Jæger

Why is it so difficult for security people to speak to developers? And the other way around… For this episode, Robby has invited a veteran to the software security game, Nick Murison, Security Practice Lead at Miles. Nick started off as a penetration tester, and has been passionate about software security and training developers to think about security upfront for close to two decades. They speak about software security within the development lifecycle, and bridging the gap between developers and security people. Nick also explains how he believes more organizations can get security into their development, and dives into the question “is DevOps really increasing or decreasing your security risks?”

Forensic Readiness | OT miniseries

We’re continuing our Operational Technology (OT) miniseries where we look into the security challenges in the OT space. This time around, Robby’s invited a fellow security podcaster and former head of forensics at Volvo, Rikard Bodforss. Rikard has been working with security in the Industrial Control Systems (ICS) and OT space for a long time, both from the private sector and as IT and Security Manager in the City of Gothenburg’s water and waste department. In his conversation with Robby he shares from his experience in the field, and explains what exactly forensic readiness is, and why it’s important. He also shares what he believes are some generic truths and recommendations for organizations that operate in ICS and OT environments. Stay tuned for more episodes in our OT miniseries coming soon.
Technical level: 2/5
Host: Robby Peralta
Producer: Paul Jæger

How do we go from data to information, and from information to intelligence in the cyber world? Who better to try to explain this than the former Director of the national communications and security agency in the Netherlands, Job Kuijpers, and his colleague and trusted advisor for Threat Intelligence, Piet Kerkhofs. After more than 15 years in the Dutch government's cyber program the two of them founded the cyber security company EYE, and in their conversation with Robby they share from their vast and hands-on experience working with threat intelligence. In this episode, you’ll hear about the most common misconceptions about threat intelligence that they’ve come across, and how much and what should be automated in threat intelligence – and what shouldn’t. They also discuss what’s required by an organisation buying/receiving threat intelligence, and how to evaluate if your organisation actually needs threat intelligence tools for its security work.
Technical level: 2/5
Host: Robby Peralta

This time, Robby has invited his most recent online friendship and the uncrowned king of open source, Simon Simonsen, to the podcast. Simon also happens to have a lot of experience developing and utilising security architecture defense strategies, or, as he calls it, utilising your home court advantage. Simon has over a decade of experience in security and is working as a Senior Information Security Officer at the Danish energy trading house Danske Commodities (DC). In his discussion with Robby, he explains his mostly open source approach to protecting his home court by using OODA Loops (Observe, Orient, Decide and Act) and by knowing that as long as you know your network better than any adversary, you should come out winning. He also shares his approach to making sure you do know your network better, as well as his journey with OODA Loops.
Hunting ELK: The Open Source Security Events Metadata (OSSEM): Onion: ATT&CK:
Technical level: 4/5
Host: Robby Peralta

Security Validation

How can we prove cybersecurity effectiveness? With USD 124 billion being spent worldwide on IT security last year alone, it's no wonder this is a question many would like the answer to. However, finding a quantitative metric to evaluate security investments, outside of positive effects like diminishing risks and reducing the amount of bad things happening, is not straightforward. To help us navigate this question, Robby is joined by someone with a lot of experience making security investments effective. Brian Contos has a long list of merits after his more than two decades of experience working in the cybersecurity field. He has also written several security books and is an award-winning podcaster. Brian is now CISO & VP Technology Innovation in Mandiant Security Validation, also known as Verodin, a business platform for measuring and managing cybersecurity effectiveness.
Technical level: 1/5
Host: Robby Peralta
Producer: Paul Jæger

For this Norwegian episode of the mnemonic security podcast, Robby and co-host for the day Manager of Governance, Risk & Compliance at mnemonic, Gjermund Vidhammer, are joined by two major actors in the Norwegian cyber landscape: Robin Bakke, Specialist Director for Cyber Security at the Ministry of Justice & Public Security, and Bente Hoff, Director National Cyber Security Center (NCSC) at the Norwegian National Security Authority (NSM). They discuss the importance, and the many different arenas, of private-public cooperation both in Norway and internationally, and share the Ministry and NSM’s thoughts on what’s important for digital security these days – and where they see most risk.
Related reading: Nasjonal strategi for digital sikkerhet: Sikkerhetsmåned:
Technical level: 1/5

How can we best apply data science techniques to gain security visibility? What data you collect obviously affects your detection capabilities, but as many have painfully experienced, there can be too much of a good thing! In this episode, Robby is joined by Jeff Barto. He is the Chief Security Officer at a large hedge fund in the US, has worked in security for over 20 years and has a lot of experience asking himself the question “how much data is enough?”. Jeff takes us through what types of data he is collecting and why, and how to collect data smartly to get the detection capabilities you need. Robby and Jeff also discuss their take on the future of data science and security visibility, and whether now is the time to ditch people and leave security for the machines.
Technical level: 3/5
KPIs vs. Empowerment

How effective is the use of Key Performance Indicators (KPIs) in security? Are they even relevant, and if so, do KPIs work differently for security teams than others? In this episode, Robby chats with someone that’s had a lot to do with KPIs, both in his position as the former Head of the government CERT in Denmark (GovCERT), as well as a SOC Analyst for more than 10 years. Marc Andersen shares his experiences chasing KPIs, and discusses whether self-governance is a better alternative for security teams.
Technical level: 1/5
Host: Robby Peralta
Producer: Paul Jæger

Who better to continue our Operational Technology (OT) miniseries with than KraftCERT, the Norwegian Energy and Control System CERT! KraftCERT helps industrial control system (ICS) related industries establish incident response teams, build digital security processes, and get a better understanding of the threat landscape. With us for this episode, we've invited someone that has been with KraftCERT from the start: Senior Security Analyst Lars Erik Smevold. Lars Erik shares with us what affects the threat landscape for KraftCERT's member organisations, the most common threats he's seeing targeting them, and how he hopes the industry will continue to move towards making cyber incidents targeting ICS and OT systems public. Stay tuned for more OT specific episodes, where we look into the security challenges in the OT space, in the coming weeks.
Technical level: 1/5

For this episode, Robby has invited two experts that see privileged access management (PAM) from two different viewpoints. From the customer side he has Thor Milde, SVP and Head of IT Security Services in Norway's largest bank DNB, share his PAM journey - and from the consultant side Michele Paci, IAM Executive Architect in IBM, explains what he's learned after working with identity and access for a large portion of his professional life. In the episode, they share insights from both sides of the fence on how most companies are handling PAM today, the effects of cloud on the PAM world and how they would like to see PAM evolve in the future.
Technical level: 3/5
Host: Robby Peralta
Producer: Paul Jæger

In this episode, we continue our Operational Technology (OT) miniseries where we look into the security challenges in the OT space. This time, Robby chats with PhD Andrea Carcano on the importance of visibility in OT environments. Andrea is passionate about the security of industrial control systems (ICS), and the Co-Founder of Nozomi Networks, a US based industrial cyber security company helping many of the largest industrial sites around the world. They discuss the role of threat intelligence in the OT sphere, how to understand what you actually have inside your critical infrastructure, and what challenges he talks to his customers about nowadays. Stay tuned for more OT specific episodes in the coming weeks.
Technical level: 2/5
Host: Robby Peralta
Producer: Paul Jæger

In this episode, Robby chats with Erlend Gjære, Co-founder and CEO of Secure Practice, on how to turn an organisation’s users into its last line of defense against email threats. Erlend has spent most of his career studying people and their email habits. At Secure Practice he combines scientific research and employee behavior to find out how to best reach through with security awareness messaging in organisations, by identifying why people do what they do, how they do it, and most importantly, how to make them do it securely. Robby and Erlend discuss email as an attack vector, and what companies are doing to protect themselves. They also talk about what is actually working nowadays in terms of security awareness, and what the most successful companies are doing.
Technical level: 1/5
Host: Robby Peralta
Producer: Paul Jæger
Suggested reading:

The CISO role in Operational Technology (OT) means securing environments where digital and physical worlds meet, and where a service disruption in the digital space can have a direct and immediate impact on our physical world. In this episode, Robby wants to know how a CISO handles the challenge of securing both IT and OT environments. To kick off our miniseries on OT, Robby welcomes Karsten Duus Wetteland, CISO at BKK. BKK is a leading organisation within renewable energy, working to replace fossil fuels by electrifying everything from fishfarms, cars and cruise ships, to the oil and gas industry's offshore power supplies. Karsten shares how they are finding new methods to identify risks when the risk spectrum spans from trees falling over power lines to hacked fish tanks. And how to avoid IT risks becoming OT risks. Stay tuned for more OT specific episodes in the coming weeks.
Technical level: 1/5
Host: Robby Peralta
Producer: Paul Jæger

In this episode, Robby chats with two experts from mnemonic that are highly passionate about microservices: security researcher Andreas Claesson and Head of Development of our Argus security platform, Joakim von Brandis. Andreas explains how he works with microservices with customers, and what the dark side of microservices is regarding security. Joakim returns to the podcast to show how mnemonic's Argus security platform made the transition over to microservices. If you haven't heard Joakim's first episode, we recommend you check it out (episode 4 - Under the hood of Argus). Have a listen to learn how microservices are useful, and what companies that use microservices should be monitoring for.
Technical level: 3/5
Host: Robby Peralta
Producer: Peter Harket
Show notes:

How to best avoid being stuck in Groundhog Day? In the second part of our mini series about SOAR, Robby chats with a gentleman that was referred to as The Godfather of SOAR in the first episode of the series. Rob Gresham, SANS Instructor specialising in automation for Security Operation Centers and a Security Solutions Architect at Splunk, takes us through how to be successful with automation, the evolution of Phantom and what he thinks he will be spending his time on going forward.
Technical level: 2/5
Host: Robby Peralta
Producer: Paul Jæger
Show notes: "Hacking your SOEL. SOC Automation and Orchestration – SANS Security Operations Summit":

Do it smart, so you won't have to do it again. In this episode, we chat with Tibor Földesi, Security Automation Analyst in Norlys, one of the largest Telco & Energy companies in Denmark. At Norlys, his main motivation is to get more time to enjoy his coffee, which directly correlates with his ability to automate what can be automated. Tibor and Robby discuss what we can and cannot automate within security, as of now. And Tibor shares his recommendations for SOAR vendors.
Technical level: 2/5
Host: Robby Peralta
Producer: Paul Jæger

In this episode, we chat with the people in charge of the healthcare and sensitive data collected in what is amongst the world's largest COVID-19 studies to date. The study, known as the Corona Study, is led by the Oslo University Hospital and aims to examine how the coronavirus spreads in Norway. At the time this episode was recorded the study had been available for 19 days and more than 122 000 people had already answered the questionnaire. Dr. Gard Thomassen and Leon Charl du Toit work in an organisation called TSD at the University of Oslo. TSD (in Norwegian) is an abbreviation for "Service for sensitive data" and is a big data/security platform that researchers use to carry out their studies. We talk about how the sensitive data collected is handled in terms of security, and how they were able to set up the infrastructure for the study in less than 24 hours.
Technical level: 2/5
Show Notes: (from minute 12:20)
Host: Robby Peralta
Producer: Peter Harket