ISSA International Summit 2019 | Dallas, Texas | An ITSPmagazine Event Coverage

By Sean Martin & Marco Ciappelli

During our ISSA International Summit in Dallas, Texas, we got to spend some time with our strategic partner, ISSA International, where we were able to tell and listen to many stories throughout the event. This is a sampling of the conversations we captured.

An InfoSec Life | A Fireside Chat With NIST Fellow, Ron Ross, During ISSA International Summit 2019

By Sean Martin

In this fireside chat, Sean Martin discusses the profession of cybersecurity, past, present, and future with Dr. Ron Ross from the National Institute of Standards and Technology.

The interview covered a myriad of topics, including Dr. Ross’ cybersecurity career with the Department of Defense, the Intelligence Community, and NIST; a retrospective of the key projects and cybersecurity initiatives he had led during his forty-five years of public service; mentoring the next generation of cybersecurity professionals; lessons learned; and key cybersecurity and privacy challenges and opportunities for the future.

Audio Notes And Voicemail – New Tricks Of The Phishing Trade

By David Balaban

Cybercriminals are increasingly choosing to cash in on human gullibility rather than the security flaws of software architecture. Phishing, the dominating vector of social engineering attacks targeting individuals and businesses alike, has seen a huge spike over the past few years.

Although the white hats have had some success in detecting and thwarting these hoaxes through features like email gateways, phishers still appear to be at least one step ahead with their tactics. Several recent campaigns have demonstrated how evasive the present-day phishing attacks can get.

One such intricate phishing stratagem originally spotted in early July 2019 abuses the Microsoft OneNote service to dupe users into visiting a bogus authentication page. In another phishing campaign discovered in mid-August 2019, malefactors are forging Microsoft Office 365 voicemail notifications to get victims on their hook.

Take a journey here on ITSPmagazine as David reveals how these schemes work and how users can prepare to spot them before falling victim.

RSA CHARGE 2019, Orlando | An ITSPmagazine Event Coverage

By Sean Martin & Marco Ciappelli

During our RSA Charge event coverage in Orlando, Florida, we connected with RSA executives, keynote speakers, presenters, panelists, and the InfoSec community to keep the CyberSecurity and Risk Management conversations going. This is the collection of those chats.

The Academy | A Conversation With Candy Alexander and Jon Oltsik

By Marco Ciappelli and Sean Martin

Have a listen to our chat with Candy Alexander, President of ISSA International, and Jon Oltsik, Principal Analyst and Fellow at ESG, as they review some of the latest findings from their research report, The Life and Times of Cybersecurity Professionals.

An InfoSec Life | A Conversation with Alissa Valentina Knight

By Marco Ciappelli and Sean Martin

"A long time ago in a galaxy far, far away...."

I cannot think of a better way to start this intro chronicle to today's Episode. While it will become clear why this is the case as you listen to it, you will probably come to envision a movie made from this story. I sure saw one in my head while I was following along as Alissa was telling us about her many adventures.

The truth might be that I have quite an oversensitive imagination—nothing new there—but I really couldn't resist the impulse of pausing her long enough so I could grab a bucket of popcorn. I know it wasn't just me because Sean was listening quietly for a long time. If you know us, as you should by now, you are likely aware that for him and me, sitting quietly in the background is not an easy thing to do.

MITRE ATT&CK—This Is Not Just Another Framework | A Conversation At The Edge With Katie Nickels, Fred Wilmot, and Ryan Kovar

By Sean Martin

Guests: Katie Nickels | Fred Wilmot | Ryan Kovar
Host: Sean Martin

It took me a while to get the conversation with Katie Nickels and Fred Wilmot sorted so we could talk about all things MITRE ATT&CK. Fortunately, we found some time together in person in Las Vegas during Hacker Summer Camp. As a bonus, I also got the chance to meet Ryan Kovar, who happened to be presenting on ATT&CK with Katie that same week. Ryan joined us for the conversation as well.

Have a listen as we explore what MITRE ATT&CK is, what it’s for, who it’s for, how to get started with it, how to be successful with it, and what scenarios could be leveraged to learn from others’ successes and challenges.

An InfoSec Life | A Conversation With Vandana Verma

By Marco Ciappelli

All right, ladies and gentlemen, it finally happened: Vandana Verma is my distinguished guest on this An InfoSec Life Podcast.

For those of you who haven't had the pleasure of meeting her in person—Sean and I had this honor in Las Vegas this year—let me tell you, she is as nice as she sounds. In my opinion, there is nothing more valuable to add to someone's professionalism and skills than a big heart. It helps to make them a role model and an inspiration for anyone just entering—or about to enter—their career in the InfoSec community.

Is The Road To Hell Paved With Good Intentions? | In The News With Erez Yalon

By Marco Ciappelli & Sean Martin

Guest: Erez Yalon, Director of Security Research at Checkmarx

In this ‘In The News’ segment we are discussing the “LeapFrog accident” that has been going around the news since Black Hat when our friend, Erez Yalon, disclosed some research that uncovered some severe vulnerabilities on IoT tablets made specifically for children.

Chill out. There’s no need to panic. The good news part of this story is that the company stepped in quickly and acted responsibly. So why are we talking about it if the problem is solved?

Here is why:

  • We do not thrive on clickbait and FUD

  • We want to help the cybersecurity community to build a better, safer technological future

  • We believe that knowledge is power and education is society’s superpower against cyber threats

  • We do not think that stopping people from using technology is the way to safety; not even for—maybe even less for—kids (we want them to play and learn!)

We believe we can make ethical decisions now that will help the future generations take full advantage of a technologically advanced society.

Join us in building that future. Start by listening to this podcast.

When Ransomware Strikes Our Towns | In The News With Michael Echols and Edward Block

By Sean Martin & Marco Ciappelli

Guests:
- Michael Echols, CEO, IACI International Association of Certified ISAOs and former Director, Cyber Joint Program Management Office, US Dept. of Homeland Security
- Edward Block, Practicing Attorney, Foley Gardere, and former Chief Information Security Officer, State of Texas

Many small towns and cities across the grand state of Texas have had better days. Much better days, in fact. There have been many articles highlighting the recent ransomware attacks that successfully compromised more than nearly two dozen Texan towns.

We had many questions to ask our two guests — both of whom have a direct and deep understanding of these types of attacks, the readiness of this specific region, and the potential threats looming in other similar regions across the United States. Have a listen to hear their thoughts on this situation.

The Jenny Radcliffe Talk Show | Episode Zero

By Marco Ciappelli & Sean Martin

“Water drops hit the wet stone floor. The sound reverberates in the distance.”

“I see there is somebody lurking in the shadow here.”

“Grunt__”

“Sean?__”

“Grunt__” “Grunt__”

“He couldn't sound creepier if he tries to sound creepier__”

“I could try.”

“He could probably be.”

“He probably could. He probably could__ anxious laugh.”

“Evil laugh echoes in the emptiness of the dark corridor__”

This was not scripted. It just happened. The podcast starts like this and there is nothing I can do about it. Actually, to be honest, I am glad it did.

Black Hat USA 2019 Event Coverage | A Conversation With Steve Wylie

By Sean Martin & Marco Ciappelli

Black Hat USA 2019 was a huge success — again. Toward the end of the conference, Sean and Marco connect with Black Hat General Manager, Steve Wylie, to have him give us an overview of what happened throughout the week of trainings, briefings, and summits.

Black Hat USA 2019 Event Coverage | A Conversation With Kymberlee Price

By Sean Martin & Marco Ciappelli

Guest: Kymberlee Price, Microsoft

I was excited for two things happening during this year's Hacker Summer Camp excursion:

1) An opportunity to meet—in person—someone leading the bug bounty charge for quite some time: Kymberlee Price, Principal Security PM Manager - Microsoft Security Response Center's Community Programs

2) To explore and discuss the dedicated Bug Bounty micro-summit during Black Hat USA 2019

Fortunately, both of these activities came together in a single setting during Black Hat, as Marco and I got to meet Kymberlee not only to discuss the micro summit, but to also hear about her journey in InfoSec and her role in establishing some of the best practices being leveraged by the industry for some time now—specifically via her work at Microsoft, at Bugcrowd, and Microsoft (again).

I loved having this conversation and hearing Kymberlee's story.

Now it's your turn to hear it. Have a listen.

Black Hat USA 2019 Event Coverage | A Conversation With Stephanie “Snow” Carruthers

By Marco Ciappelli & Sean Martin

I happen to know some of the more skilled social engineers in the cybersecurity industry, and during Hacker Summer Camp 2019, Sean Martin and I were invited to meet one of the best.

You probably know her. She goes by the handle @sn0ww. This is her story.

Do you want to hear it? Of course, you do. No, really, you do. You don’t want to be the only one not listening to it, do you?

Go ahead, type in your SSN, and click play... 🔥😇😈🔥

Black Hat USA 2019 Event Coverage | A Conversation With Charity Wright

By Marco Ciappelli & Sean Martin

No doubt, we are living in interesting times—full of incredible technological advancements and achievements. Yet, we still get to see the other side of the picture—cybercrime at its worst.

The dark web is peaking on a global scale. Last year, there were over 4 million users on TOR, and, with that, we are seeing some other “interesting” trends. It’s these trends which lead us to our second conversation with Charity—this time during Black Hat 2019.

Hacker Summer Camp Event Coverage | Cybersecurity Woman of the Year — 2019 Awards

By Sean Martin & Marco Ciappelli

We care deeply and passionately about creating a diverse cybersecurity workforce — not just when it comes to gender, but also for background, origin, age, religion, neuro-makeup, and more — essentially anything and everything that makes us unique; makes us human. We hope to reach a point where we no longer have to shake the box to remind ourselves of the benefits associated with diversity, but until we reach that point, you’ll find us shaking things up at the intersection of technology, cybersecurity, and society. With this, we ask you to celebrate with us the successes these cybersecurity leaders have achieved.

Mission Critical with Karen Worstell | Episode Zero

By Marco Ciappelli & Sean Martin

Welcome to Mission Critical, a new talk show on ITSPmagazine hosted by Karen Worstell.

This is about the challenges in cyber and how the cyber community can thrive and “stay in the game” in the face of them.

Karen knows from experience that all those things come from a workplace with high expectations and a sense of belonging—and we need a lot of help with that right now! At the heart of this series of podcasts are the values she has learned to hold most dear: Justice, Compassion, Leadership and Allyship.  

Listen to Karen, Sean, and Marco introducing this new talk show.

We couldn’t ask for a better host to tell these stories and help us to make a difference in our community.

Chats On The Road To Hacker Summer Camp 2019 | DEF CON 27 — Policymakers | A Conversation With Meg King and Beau Woods

By Marco Ciappelli & Sean Martin

Black and blue, and who knows which is which, and who is who?

It is a matter of perspective and a matter of time — and given the right knowledge, these usually change together. Don't they? What is at stake and what we are fighting for can change yesterday's foe into tomorrow's best ally. But what about today?

I believe that today in technology and infosec, we are at the crossroad where Sean and I have been waiting for a few years now. Exactly 4 years ago, when we founded ITSPmagazine, we did it because we wanted to have the conversation that media, politicians, business owners, technology experts, and politicians were not having yet - and, most still don't.

Chats On The Road To Hacker Summer Camp 2019 | DEF CON 27 — AppSec Village | A Conversation With Erez Yalon, Liora Herman, and Jim Manico

By Sean Martin & Marco Ciappelli

It’s also important to recognize that the products and solutions (and applications) we are building and using are comprised of multiple components from all over the place—custom, commercial, and open source—and from all over the world.

At the end of the day, we’re all speaking about code and we all need to write secure code. Start speaking about it with your peers at the inaugural AppSec Village at DEF CON 27. But first, have a listen to this chat to learn more.