By Sean Martin
In this fireside chat, Sean Martin discusses the profession of cybersecurity, past, present, and future with Dr. Ron Ross from the National Institute of Standards and Technology.
The interview covered a myriad of topics, including Dr. Ross’ cybersecurity career with the Department of Defense, the Intelligence Community, and NIST; a retrospective of the key projects and cybersecurity initiatives he had led during his forty-five years of public service; mentoring the next generation of cybersecurity professionals; lessons learned; and key cybersecurity and privacy challenges and opportunities for the future.
By David Balaban
Cybercriminals are increasingly choosing to cash in on human gullibility rather than the security flaws of software architecture. Phishing, the dominating vector of social engineering attacks targeting individuals and businesses alike, has seen a huge spike over the past few years.
Although the white hats have had some success in detecting and thwarting these hoaxes through features like email gateways, phishers still appear to be at least one step ahead with their tactics. Several recent campaigns have demonstrated how evasive the present-day phishing attacks can get.
One such intricate phishing stratagem originally spotted in early July 2019 abuses the Microsoft OneNote service to dupe users into visiting a bogus authentication page. In another phishing campaign discovered in mid-August 2019, malefactors are forging Microsoft Office 365 voicemail notifications to get victims on their hook.
Take a journey here on ITSPmagazine as David reveals how these schemes work and how users can prepare to spot them before falling victim.
"A long time ago in a galaxy far, far away...."
I cannot think of a better way to start this intro chronicle to today's Episode. While it will become clear why this is the case as you listen to it, you will probably come to envision a movie made from this story. I sure saw one in my head while I was following along as Alissa was telling us about her many adventures.
The truth might be that I have quite an over sensitive imagination—nothing new there—but I really couldn't resist the impulse of pausing her long enough so I could grab a bucket of popcorn. I know it wasn't just me because Sean was listening quietly for a long time. If you know us, as you should by now, you are likely aware that for he and I, sitting quietly in the background is not an easy thing to do.
By Sean Martin
Guests: Katie Nickels | Fred Wilmot | Ryan Kovar
Host: Sean Martin
It took me a while to get the conversation with Katie Nickels and Fred Wilmot sorted so we could talk about all things MITRE ATT&CK. Fortunately, we found some time together in person in Las Vegas during Hacker Summer Camp. As a bonus, I also got the chance to meet Ryan Kovar who happened to be presenting on ATT&CK with Katie that smae week. Ryan joined us for the conversation as well.
Have a listen as we explore what MITRE ATT&CK is, what it’s for, who it’s for, how to get started with it, how to be successful with it, and what scenarios could be leveraged to learn from others’ successes and challenges.
All right, ladies and gentlemen, it finally happened: Vandana Verma is my distinguished guest on this An InfoSec Life Podcast.
For those of you that haven't had the pleasure to meet her in person—Sean and I had this honor in Las Vegas this year—let me tell you, she is as nice as she sounds. In my opinion, there is nothing more valuable to add to someone's professionalism and skills than a big heart. It helps to make them a role model and an inspiration for any just entering—or that are about to enter—their career in the InfoSec community.
Guest: Erez Yalon, Director of Security Research at Checkmarx
In this ‘In The News’ segment we are discussing the “LeapFrog accident” that has been going around the news since Black Hat when our friend, Erez Yalon, disclosed some research that uncovered some severe vulnerabilities on IoT tablets made specifically for children.
Chill out. There’s no need to panic. The good news part of this story is that the company stepped in quickly and acted responsibly. So why are we talking about it if the problem is solved?
Here is why:
We do not thrive on clickbait and FUD
We want to help the cybersecurity community to build a better, safer technological future
We believe that knowledge is power and education is society’s superpower against cyber threats
We do not think that stopping people from using technology is the way to safety; not even for—maybe even less for—kids (we want them to play and learn!)
We believe we can make ethical decisions now that will help the future generations take full advantage of a technologically advanced society.
Join us in building that future. Start by listening to this podcast.
- Michael Echols, CEO, IACI International Association of Certified ISAOs and former Director, Cyber Joint Program Management Office, US Dept. of Homeland Security
- Edward Block, Practicing Attorney, Foley Gardere, and former Chief Information Security Officer, State of Texas
Many small town and cities across the grand state of Texas have had better days. Much better days, in fact. There have been many articles highlighting the recent ransomware attacks to successfully compromise more than nearly two dozen Texan towns.
We had many questions to ask our two guests — both of whom have a direct and deep understanding of these types of attacks, the readiness of this specific region, and the potential threats looking in other similar regions across the United States. Have a listen to hear their thoughts on this situation.
“Water drops hit the wet stone floor. The sound reverberates in the distance.”
“I see there is somebody lurking in the shadow here.”
“He couldn't sound creepier if he tries to sound creepier__”
“I could try.”
“He could probably be.“
“He probably could. He probably could__ anxious laugh.”
“Evil laugh echoes in the emptiness of the dark corridor__”
This was not scripted. It just happened. The podcast starts like this and there is nothing I can do about it. Actually, to be honest, I am glad it did.
Guest: Kymberlee Price, Microsoft
I was excited for two things happening during this year's Hacker Summer Camp excursion:
1) An opportunity to meet—in person—someone leading the bug bounty charge for quite some time: Kymberlee Price, Principal Security PM Manager - Microsoft Security Response Center's Community Programs
2) To explore and discuss the dedicated Bug Bounty micro-summit during Black Hat USA 2019
Fortunately, both of these activities came together in a single setting during Black Hat, as Marco and I got to meet Kymberlee not only to discuss the micro summit, but to also hear about her journey in InfoSec and her role in establishing some of the best practices being leveraged by the industry for some time now—specifically via her work at Microsoft, at Bugcrowd, and Microsoft (again).
I loved this having conversation and hearing Kymberlee's story.
Now it's your turn to hear it. Have a listen.
Daniel Browne SSCP CEH describes a personal experience of major differences between UK/Irish companies and American companies in creating IT/ Cybersecurity opportunities for those at the High Functioning end of the Autistic Spectrum.
I happen to know some of the more skilled social engineers in the cybersecurity industry, and during Hacker Summer Camp 2019, Sean Martin and I were invited to meet one of the best.
You probably know her. She goes by the handle @sn0ww. This is her story.
Do you want to hear it? Of course, you do. No, really, you do. You don’t want to be the only one not listening to it, do you?
Go ahead, type your in your SSN, and click play... 🔥😇😈🔥
No doubt, we are living interesting times—full of incredible technological advancements and achievements. Yet, we still get to see the other side of the picture—cybercrime at its worst.
The dark web is peaking on a global scale. Last year, there were over 4 million users on TOR, and, with that, we are seeing some other “interesting” trends. It’s these trends which lead us to our second conversation with Charity—this time during Black Hat 2019.
We care deeply and passionately about creating a diverse cybersecurity workforce — not just when it come to gender, but also for background, origin, age, religion, neuro-makeup, and more — essentially anything and everything that makes us unique; makes us human. We hope to reach a point where we no longer have to shake the box to remind ourselves of the benefits associated with diversity, but until we reach that point, you’ll find us shaking things up at the intersection of technology, cybersecurity, and society. With this, we ask you to celebrate with us the successes these cybersecurity leaders have achieved.
Welcome Mission Critical. A new talk show on ITSPmagazine Hosted by Karen Worstell
This is about the challenges in cyber and how the cyber community can thrive and “stay in the game” in the face of them.
Karen knows from experience that all those things come from a workplace with high expectations and a sense of belonging—and we need a lot of help with that right now! At the heart of this series of podcasts are the values she has learned to hold most dear: Justice, Compassion, Leadership and Allyship.
Listen to Karen, Sean, and Marco introducing this new talk show.
We couldn’t ask for a better host to tell these stories and help us to make a difference in our community.
Black and blue, and who knows which is which, and who is who?
It is a matter of perspective and a matter of time — and given the right knowledge, these usually change together. Don't they? What is at stake and what we are fighting for can change yesterday's foe into tomorrow's best ally. But what about today?
I believe that today in technology and infosec, we are at the crossroad where Sean and I have been waiting for a few years now. Exactly 4 years ago, when we founded ITSPmagazine, we did it because we wanted to have the conversation that media, politicians, business owners, technology experts, and politicians were not having yet - and, most still don't.
It’s also important to recognize that the products and solutions (and applications) we are building a using are comprised of multiple components from all of the place—custom, commercial, and open source—and from all over the world.
At the end of the day, we’re all speaking about code and we all need to write secure code. Start speaking about it with your peers at the inaugural AppSec Village at DEF CON 27. But first, have listen to this chat to learn more.