In this week's episode, Randy covers the Hive Ransomware Group, the reemergence of Scarab APT, and a few stories that have nothing to do with insects...
Featured stories include:
· An update on Lapsus$ and liability
· Hive Ransomware Group and remote access
· Scarab APT reemergence targeting Ukraine
· Rockwell Automation vulnerabilities
· PCI 4.0
· Gartner's cybersecurity trends for 2022

In this episode, Randy Watkins covers the biggest stories on our news feeds today: the Oscars and the Okta Breach. See how many Will Smith movie references Randy can fit in a minute, and starting at 1:09, get filled in on the latest information about Lapsus$ - a juvenile threat group causing adult problems.

Join CRITICALSTART CTO and SON OF A BREACH! podcast host Randy Watkins as he talks with IDC Program Director, Security Services, Craig Robinson. The two discuss the Critical Start sponsored IDC white paper, "In Cybersecurity Every Alert Matters". The two share their thoughts on:
· Making organizations more secure in the face of ongoing digital transformations
· The value of internal talent to prioritize business outcomes in cybersecurity
· Predictions around MDR and alert resolution
Special thanks to Craig Robinson!

Join CRITICALSTART CTO and SON OF A BREACH! podcast host Randy Watkins as he winds up our Rated XDR series. After four previous episodes with CRITICALSTART integration partners about their extended detection and response platforms and strategies, Watkins shares his thoughts on:
· How to define and evaluate XDR offerings
· Why you can expect XDR to displace SIEM
· What’s cooking in the alphabet soup of detection and response with EDR, NDR, MDR, and even MXDR
· Which analyst you should be following in the XDR space
Special thanks to our Rated XDR visionaries, and be sure to catch their previous episodes if you missed any:
· Ajit Sancheti, VP of Identity Protection, CrowdStrike
· Ann Johnson, CVP Security, Compliance, and Identity at Microsoft
· Yonni Shelmerdine, AVP of Product and Head of XDR at SentinelOne
· Tim Junio, SVP of Products, Cortex at Palo Alto Networks
Any guesses on our next series in the podcast? Stay tuned to find out on SON OF A BREACH!

Palo Alto Networks introduced the industry's first XDR product in February 2019, going beyond endpoint to extended detection and response. Building on the success of their next-generation firewalls, the company continues to disrupt in cybersecurity by integrating in-house innovation with a steady string of acquisitions.
In this fourth episode of “Rated XDR”, a SON OF A BREACH! series focused on XDR, Tim Junio, SVP of Products, Cortex at Palo Alto Networks joins CRITICALSTART CTO Randy Watkins to discuss Palo Alto Networks’ XDR strategy and R&D focus, including:
· Which capabilities and types of data define XDR
· How joining endpoint data with network data helped deliver a breakthrough in detection and prevention capabilities
· What sets XDR apart from SIEM and endpoint detection approaches in the modern SOC
· What to expect from Palo Alto Networks Cortex® XDR™ 3.0 and beyond
Junio is Senior Vice President of Products, Cortex at Palo Alto Networks and former Co-Founder and Chief Executive Officer of Expanse, which Palo Alto Networks acquired in December 2020. He has more than a decade of experience in cyber operations and large-scale distributed sensing. Prior to co-founding Expanse, he worked at DARPA, RAND Corporation, Office of the Secretary of Defense, and the CIA. Junio holds a Ph.D. from the University of Pennsylvania and was a Postdoctoral Fellow at Stanford University.

SentinelOne recently made headlines as the highest-valued cybersecurity IPO ever. In a bid to revolutionize extended detection and response (XDR) and further broaden the company’s scope of detection capability, SentinelOne has acquired Scalyr, a leading cloud-native, cloud-scale data analytics platform.
In this third episode of “Rated XDR”, a SON OF A BREACH! series focused on XDR, SentinelOne AVP of Product and Head of XDR, Yonni Shelmerdine, joins CRITICALSTART CTO, Randy Watkins, to discuss SentinelOne’s development strategy and approach, including:
· What has most significantly impacted the product group’s evolution and innovation
· How the recent Scalyr acquisition fits with SentinelOne’s in-house product development
· What future capabilities to expect from the Ranger IoT product line
· Reaction to Gartner’s assessment of SentinelOne in the newest Magic Quadrant for Endpoint Protection Platforms
Shelmerdine leads the EDR, XDR, Big Data and Security Research product areas at SentinelOne. Previously, he held product leadership roles at Cybereason, Check Point, Lacoon, and several other early stage start-ups. Shelmerdine is also a veteran of an elite intelligence unit in the Israel Defense Forces and has won multiple awards.

We’ve all seen the negative news about the latest security breaches and ransomware attacks. But we must not forget that the cybersecurity industry prevents many more cyberattacks every day that don’t make headlines.
Companies like Microsoft are building security into their tech offerings, securing organizations that increasingly turn to technology to protect against business disruptions.
In this second of a series of SON OF A BREACH! podcast episodes focused on extended detection and response (XDR), CRITICALSTART CTO Randy Watkins welcomes Microsoft Corporate Vice President of Security, Compliance, and Identity Ann Johnson, to give us a look behind the scenes of Microsoft’s security strategy, including:
· How Microsoft raised its credibility in the security industry and continues to stay competitive
· Why Microsoft wants their Azure Sentinel – a cloud-native SIEM and XDR delivery platform – to become the master brain of your security operations center
· The role of XDR in solving alert fatigue caused by overly excited detection logic
· How Microsoft prioritizes their efforts given the constantly evolving threat landscape
As the change agent who ushered Microsoft to the top of the security industry, Johnson oversees Microsoft’s long-term investment and partnership strategies for security, compliance, and identity. She discusses core areas shaping the cyber landscape on her podcast, Afternoon Cyber Tea.



Conference badges have evolved from paper and plastic to collectable mini-computers of all shapes and sizes, coveted and collected by security professionals and enthusiasts. The rise of #Badgelife signifies one of the most creative offshoots of security conferences, with its underground culture of hardware art and ingenuity.
In this episode of SON OF A BREACH!, CRITICALSTART CTO Randy Watkins welcomes badge creator Florida Man, a/k/a Jonathan Singer, to celebrate the allure of #Badgelife, reveal how deep the culture runs, and share tips on how to get started in the community. Tune in to learn:
· The colorful, flashy history of #Badgelife
· How unofficial conference badges have come to symbolize the security culture’s uniqueness and sense of community
· Steps to start collecting or creating digital badges that people want to take home and talk about
· What tools and techniques you need to design and produce your own #Badgelife creation
Both fun and functional, digital badges celebrate computers and the security around them at the hardware level. Many are intentionally hackable so you can take control of the lights, noises, and other built-in features. Singer shares some favorites from his extensive badge collection, which you can see by watching the recorded video of this podcast episode on YouTube.
Jonathan Singer is SIEM and SOAR Practice Lead at GuidePoint Security, with certifications including GPEN, GWAPT, GCIA, GCFE, and CEH. He is a self-taught badge creator, who launched his first digital badge at BSides Orlando 2013. Singer also shares his passion for cybersecurity and hardware on his YouTube channel.

When it comes to your organization’s security, you have to know: Are you collecting the correct data, can you access it quickly, and can you process that data fast enough to make a timely decision – especially when there’s a live attack and every second counts?
In the first episode of Rated XDR, a podcast series focused on XDR, from SON OF A BREACH!, CrowdStrike VP of Identity Protection Ajit Sancheti joins CRITICALSTART CTO Randy Watkins for an in-depth conversation about the promise and possibilities of XDR technology, including:
· The role of an XDR platform for a zero trust approach, and how to make it frictionless for the end user
· How CrowdStrike is focusing on cloud security, zero trust, and XDR at an accelerated pace brought on by the pandemic
· Perspectives on XDR vs. SIEM
· CrowdStrike’s vision of a completed XDR solution
· What excites Sancheti most about CrowdStrike’s future product roadmap
Sancheti formerly founded and led Preempt Security as CEO, then joined CrowdStrike as part of the company’s acquisition of Preempt in 2020.
Where Have We Been?

After hosting six podcast episodes, CRITICALSTART Chief Technology Officer Randy Watkins dedicates episode seven to a brief update on the past, present, and future of our SON OF A BREACH! podcast and announces an exciting upcoming series.
Tune in to hear:
· Why and how the series is taking a new direction
· What you can expect going forward, based on listener feedback
· Why you can count on our CTO to continue asking the tough questions that matter to you, especially when it comes to bleeding-edge technologies and their impact on security
· What to look forward to in the upcoming Rated XDR series

What’s rocking the insurance industry by creating the highest severity and most frequent losses for insurance carriers? One word: ransomware. Unlawful hackers take control of systems and try to force companies to pay huge amounts to unlock them. The average ransomware payout has grown to nearly $234,000 per event, according to the Coveware Quarterly Ransomware Report (Q3 2020). One cybercriminal gang extorted at least $75 million from private sector companies, local governments, and hospitals, a former NSA contractor determined in a months-long study released this month.
Episode 6 of our SON OF A BREACH! podcast series dives deep into the world of cybersecurity insurance and the ramifications of ransomware. Senior Vice President and Principal at RHSB Insurance Doug Jones joins CRITICALSTART Chief Technology Officer Randy Watkins and brings his expertise in insurance risk management that began more than 30 years ago. Jones has focused on technology-oriented risk and cybersecurity insurance for more than 20 years.
The ransomware risk is real, so tune in for clear explanations and practical insights on:
· The insurance implications of ransomware to your business, and why you shouldn’t assume your current cyber liability policy fully covers ransomware
· Which security measures and cybersecurity services can help your company more easily access insurance coverage and receive better rates
· What to emphasize to your insurance carrier if you’ve had a security-oriented loss
· What to look for in third-party warranties provided by cybersecurity product providers

Confused about risk and how to quantify? You’re not alone. CRITICALSTART CFO Andrew Kaufman brings clarity and insight to this episode of our SON OF A BREACH! podcast series, making dollars and sense of the finances behind security.
Risk will never be zero, especially in cybersecurity. Bad actors keep launching new threats, and attack vectors are always changing. With that in mind, Kaufman joins CRITICALSTART CTO Randy Watkins for a risk-focused discussion on:
· How to quantify and manage risk so you can better prioritize your exposures and protect your organization
· The evolving threat landscape and its impact on “cost impact x probability” risk calculations
· How to decide when to accept, mitigate, or transfer risk
· The important CFO-CISO partnership in calculating the value of security and the cost of risk for your business
Kaufman’s accounting and financial leadership includes more than 16 years of experience in software, technology, and creating internal controls in financial reporting, particularly for high-growth technology firms.

While women’s numbers in cybersecurity lag behind men, female leaders in our industry continue to pioneer the way forward. Episode 4 of our SON OF A BREACH! podcast series celebrates International Women’s Month with security visionary Didi Dayton, who joins host and CRITICALSTART Chief Technology Officer Randy Watkins for some timely insights into security growth investments and the expanding female influence in cybersecurity.
Dayton is a partner at Wing Venture Capital, responsible for Customer Markets and Programs. She has held executive positions in sales, channels, and alliances for more than 20 years across multiple successful cybersecurity companies, including hyper-growth organizations such as Websense, FireEye, and Tanium. She successfully led sales and channel teams at companies such as Symantec, Arrow, and Cylance (now Blackberry) through 12 M&A and integration activities. Didi has received CRN’s prestigious Channel Chief award four years running, and she was named to the 50 Most Influential Channel Chiefs and the Power 100 Women of the Channel.
Tune in for expert perspectives on:
· Security investment strategy and trends
· Which leadership traits are most important for sales and channel leaders
· Mistakes CIOs and procurement teams need to avoid
· Why organizations benefit from women’s style of decision-making
· Dayton’s advice to women for success in leadership
Dayton and Watkins also deliver shout-outs to some of the leaders who have influenced them most in their careers – who just happen to be women. Watkins also provides highlights of how SolarWinds testimony before the Senate Intelligence Committee became a blame game, plus the recent attack against Microsoft Exchange Servers by a suspected Chinese-based attack group.
Rock your SOCs

Do you know how to find the right talent and skillsets to build up your Security Operations Center? Or are you looking to start or enhance your career as a security analyst and want to know what training and certifications will take you to the next level? Either way, don’t miss Episode 3 of our SON OF A BREACH! podcast series.
Host and CRITICALSTART Chief Technology Officer Randy Watkins welcomes Jordan Mauriello, CRITICALSTART SVP of Managed Security Services, for an insightful look at how to find, train, and develop the type of talent needed to rock your SOC. Mauriello has military, government, and corporate backgrounds in cybersecurity, with experience in everything from penetration testing and malware reverse engineering to physical security, executive protection, and training. His visionary approach to leadership focuses on coaching and engaging highly technical personnel in the workplace.
Tune in for expert perspectives on:
· What qualities and skills to look for when recruiting security analysts
· Best interviewing techniques – and how a question about pancakes can uncover your best problem-solvers
· Why building on fundamentals is so important in a cybersecurity career
· Which free training offerings you can take advantage of now
Before the deep dive with Mauriello, Watkins highlights the ever-evolving SolarWinds saga and the latest in nation-state sponsored activity by Russia, China, and North Korea.
Chuvakin be kidding me

In Episode 2 of our new SON OF A BREACH! podcast series, host Randy Watkins, Chief Technology Officer at CRITICALSTART, looks at President Biden’s initial moves on cybersecurity, the new normal of advanced persistent threats, and why organizational security starts with individual users (hint: more than 3 billion passwords have hit the web in a massive collection called the COMB).
Watkins also welcomes special guest Dr. Anton Chuvakin to talk about the world of threat detection, including models, challenges, and how to do it right.
Dr. Chuvakin currently focuses on security solution strategy for Google Cloud. He previously was head of solution strategy at Chronicle, an Alphabet company acquisition. For several years he covered a broad range of security operations and detection and response topics at Gartner, where he was Research Vice President and Distinguished Analyst at Gartner’s Technical Professionals (GTP) Security and Risk Management Strategies team.
Dr. Chuvakin is a recognized security expert in the field of security information and event management (SIEM), log management, and Payment Card Industry Data Security Standard compliance. He has authored several books and published dozens of papers on those topics.
Tune in for Dr. Chuvakin’s expert commentary on topics including:
· How to get the most value and ROI from SIEM
· Tips for approaching SIEM and detection use cases
· What to look for in extended detection and response (XDR) models
· Additional perspectives on detection and telemetry
Additional Resources: Look for more content to come from CRITICALSTART. We continue to research with our own facilities and team of experts to gather insights and discoveries around these issues, and we will continue to share our perspective on how to better secure your enterprise.
Blister in the Sunburst

The SolarWinds cybersecurity breach, known as Sunburst, made global headlines in December and drew widespread suspicion of being a Russian-based nation-state attack.
Kicking off our new SON OF A BREACH! podcast series, we’ll shine a spotlight on state-sponsored cyber-espionage. Join host Randy Watkins, Chief Technology Officer at CRITICALSTART, as he welcomes industry guests Ben Johnson, CTO and co-founder of Obsidian Security, former chief security strategist and co-founder of Carbon Black, and former NSA computer scientist and cyber engineer for the intelligence community; and Quentin Rhoads-Herrera, director of Professional Services and leader of TEAMARES offensive and defensive teams at CRITICALSTART.
Expert commentary and conversations will cover the implications of the SolarWinds breach and what’s next, including:
· The nature of nation-state attacks
· Ramifications for security policy
· Potential response to the Sunburst attack against the U.S.
· Nation-state exploits and how advanced they’ve become
· Additional perspectives on information security

Looking for a new cybersecurity podcast? Check out Son of a Breach hosted by Critical Start's CTO Randy Watkins. Available on Apple Podcasts, Spotify, Stitcher, Google Podcasts, and more starting January 12th. Learn more about our podcast series at