At The Edge

MITRE ATT&CK—This Is Not Just Another Framework | A Conversation At The Edge With Katie Nickels, Fred Wilmot, and Ryan Kovar

By Sean Martin

Guests: Katie Nickels | Fred Wilmot | Ryan Kovar
Host: Sean Martin

It took me a while to get the conversation with Katie Nickels and Fred Wilmot sorted so we could talk about all things MITRE ATT&CK. Fortunately, we found some time together in person in Las Vegas during Hacker Summer Camp. As a bonus, I also got the chance to meet Ryan Kovar, who happened to be presenting on ATT&CK with Katie that same week. Ryan joined us for the conversation as well.

Have a listen as we explore what MITRE ATT&CK is, what it’s for, who it’s for, how to get started with it, how to be successful with it, and what scenarios could be leveraged to learn from others’ successes and challenges.

The State Of CyberSecurity And Innovation In Ireland And The EU | A Dialogue With Brendan Bonner & John Durcan

By Sean Martin

Guests: Brendan Bonner | John Durcan

Wouldn’t it be good if we could cross the business-to-cybersecurity bridge such that we all have a good picture for what’s important for the business — and ultimately for humanity and the societies for which we create? This is the main driver underneath a two-part conversation I had earlier this year with Brendan Bonner, Chief Technologist — Technology, Content and Business Services at IDA Ireland, and John Durcan, Senior Technologist at Enterprise Ireland.

Reverse Engineering BlueKeep: What You Need To Know To Prepare

By Sean Martin

Guests: Scott Scheferman | Rick McElroy | @JaGoTu

I recently came across a post from Scott Scheferman about the BlueKeep vulnerability and patch that intrigued me. After a few attempts to bring together a few folks, I was able to pull in Rick McElroy and @JaGoTu to join Scott and me for a chat about what’s real with respect to this threat. Needless to say, this group did not disappoint.

During our nearly-one-hour chat, we cover tons of stuff and there’s a lot to absorb here. I would encourage you to take the time to learn from this conversation and then apply what you’ve learned to your infosec program. And, if you value the community, take a moment to share this with a few of your peers to help them out.

Official Launch Of The Cyber Ireland Cluster | County Cork

By Sean Martin

Guests: Eoin Byrne, Jacky Fox, Pat Larkin

Led by IDA Ireland with support from Enterprise Ireland and in collaboration with academia, industry, and government, Cyber Ireland officially launched on 20 May, 2019 as the official establishment of a National Cyber Security Cluster in Ireland, hosted at Cork Institute of Technology. In addition to attending the event, I recorded a podcast with some of the board members and captured some pictures as well.

You Are Number Six! I Am Not A Number! I Am A Free Device! — The Importance Of Identity In The Connected World

By Sean Martin

Guests: Emily Miller | Ted Harrington | Dean Weber
Host: Sean Martin

In today's episode, I connect with Emily, Dean, and Ted, and we look at the current state of security in IT, OT, IoT, and ICS — and the connections between these different environments.

Together, we explore how identity plays a critical role in ensuring a safe environment that can be traced to specific sensors, devices, networks, and people. And, with the massive numbers of things hitting the market—and our society—we attempt to answer the question surrounding our ability (or lack thereof) to scale the controls and protections to minimize—or perhaps even eliminate—undue exposure to risk introduced by these things.

The 12th Edition Verizon Data Breach Investigations Report (DBIR): Read It And Spring into Action

By Sean Martin

Guests: Gabriel Bassett | John Grim
Host: Sean Martin

Today's episode comes to you in concert with the release of the 12th edition of the Verizon Data Breach Investigations Report, comprised of data from 73 contributors, the highest number since its launch. Gabriel Bassett, Senior Information Security Data Scientist, and John Grim, Senior Manager, Investigative Response Team — both from Verizon Enterprise Solutions — join ITSPmagazine's Sean Martin. We discuss the role of the DBIR in building and maintaining information security programs, what some of the key findings are, and how to make the data actionable.

We’re Moving Toward Technologies That Enable Humans Rather Than Try To Automate Them

By Sean Martin

During RSA Conference 2019 in San Francisco, Sean Martin sat down with Jill Orhun, Head of Strategy and Operations for Cyber at Devo, Seema Sheth-Voss, VP Product Marketing at Devo, and Chris O’Brien, Head of Technical Marketing at Devo — a group of folks who connect with customers and prospects — to discuss trends and anomalies they’ve seen.

Will Blockchain Be Or Not Be The Big Wave To Ride

By Sean Martin

Guests: Simon Harman | Anthony Stevens
Host: Sean Martin

Blockchain — a topic that still gets a lot of attention, even if it seems to be overplayed in the media, the workplace, and in the venture world. So what is it, does it actually provide value, and is there a place for it? Listen in to hear Simon Harman, project lead for the Loki project, and Anthony Stevens, Founder and CEO of Digital Asset Ventures, give their take on why blockchain will—or won’t—be the next big wave of technology deployment in the near future.

Businesses Are Talking About Technology. But Are They Tech Savvy Yet?

By Sean Martin

During RSA Conference 2019 in San Francisco, Sean Martin sat down with Rod Simmons, Vice President of Product Strategy for Active Directory at STEALTHbits Technologies, to get his thoughts and insights into the current state of the Identity and Access Management space through the lens of both the conference sessions and sprawling expo hall(s).

An ERP Privacy Cost Analysis: Data Value vs Data Liability

By Sean Martin

Sean Martin chats with Larry Harrington of The IIA and Raytheon, and Juan Perez-Etchegoyen of Onapsis about privacy, which is not an IT issue; it’s a business issue. Since GDPR, the customer has the upper hand in many cases, and because of this, privacy extends beyond pure business operations and into the world of ethics and morals. There’s a lot packed into this podcast!

RSA Conference San Francisco 2019 | Fulfilling Our Mission of Supporting the Community At The Intersection Of IT Security And Society

By Sean Martin

After nearly a few decades in the InfoSec industry, Sean Martin takes a deep look back at RSA Conference in San Francisco to see how things have changed, what was top-of-mind this year, and how the community aspect of the conference this year made for one of the best events yet for Sean, the ITSPmagazine team, and the publication overall.

Why Do Phishing And Business Email Compromise Even Exist?

By Sean Martin

In today’s episode, Sean Martin chats with Anand Raghavan, Co-founder & Chief Product Officer at Armorblox, and Chuck Drobny, President & CEO at GlobaLogix, about two hot topics that are a regular thorn in our InfoSec sides: phishing and business email compromise. They explore how the industry is leading us to overcome this challenge, beginning with user awareness training and IT security training, before taking a turn to the technology stack, user workflows, business automation and security management orchestration.

A CISO's Perspective: Hot Topics During RSA Conference San Francisco 2019 | Taylor Lehmann

By Sean Martin

Taylor Lehmann stopped by the ITSPmagazine kiosk during RSA Conference 2019 in San Francisco to have a chat with Sean Martin. Some of the top topics that Taylor saw and heard within and surrounding the conference included Machine Learning and AI (what's real and what's not), third-party risk (what are some of the details for how to make it work) and identity and identity analytics (how does it impact health systems with employees, patients, and devices?).

At The Edge | Unusual Gathering | Episode XXIII | Guests Sian John, Candy Alexander, Allan Alford

By Sean Martin

Guests: Sian John | Candy Alexander | Allan Alford
Host: Sean Martin

During this At The Edge themed Unusual Gatherings Talk Show, Sean Martin asks his guests — Sian John from Microsoft, Candy Alexander from ISSA International, and Allan Alford from Mitel — how risk management and risk ownership change — if the CISO will be responsible for manipulating a risk acceptance slider with a business driver slider — and what the future of the InfoSec team looks like for the CISO (does the CISO role even exist)?

Experts Corner Webcast: What Does It Take To Operationalize A SOAR?

By Sean Martin, host of At The Edge

The primary goal with this webcast discussion is to highlight the value of a SOAR (security orchestration automation and response) platform/model in order to help companies figure out how best to operationalize it as part of their security management programs. The key point here is “operationalize” … who should be involved, what do they need in place in order to succeed (tech/process/people, both within and outside of the platform), and what can they expect from an operational benefit perspective.

Are We Investing In InfoSec To Solve Problems Or Make Money?

By Sean Martin, host of At The Edge

In today's episode, Jay Leek and Patrick Heim of ClearSky Ventures shine the light on a ton of stuff related to the state of the InfoSec market and how cybersecurity investments play a role in the ecosystem of protection, detection, and response. Listen in to get their individual and combined views on investment strategies, investment buzzwords, and the categorization of the 4 types of security companies and how the categories impact investment decisions. Jay and Patrick even share some advice for the organizations making attempts to consume some of these innovative products.

Operationalizing IoT Security Using The OWASP Top 10 Project

By Sean Martin, host of At The Edge

In this episode, Sean Martin connects with Aaron Guzman and Daniel Miessler, and we take a look at the new edition of the OWASP Top 10 for the Internet of Things. The project, which began in 2014, contains a lot of work related to identifying the risks, vulnerabilities, and controls necessary to safely deploy and use Internet-connected devices at work, at home, and in society. Aaron and Daniel walk us through the top 10 list, giving us some insight into each item and how it can have an impact on how things are built, implemented, and broken.

A Visual Of What A Real Cyber Attack Looks Like

By Sean Martin, host of At The Edge

In this episode, we look at the Verizon Data Breach Digest cases and how they can help organizations operationalize their risk and security management programs. John Grim from Verizon paints some visual pictures for us to chew on, breaking down how the attacks originate, how the target is reached, how the internal victims and stakeholders are impacted, how companies can respond, and how non-victim organizations can prepare and protect their business from a similar attack.

Using A Slack Bot To Help With User-Based Security Decisions

By Sean Martin, host of At The Edge

In this episode, Dinis Cruz, the Chief Information Security Officer at the PhotoBox Group out of London, joins Sean Martin to talk about end user risk management and the value of automating user-based security decisions using ChatOps.

A Daily Dose Of Cybersecurity. What's Your Serving Size?

By Sean Martin, host of At The Edge

What does it take to be CyberAware? What can we learn from the cybercriminals? What can we learn from each other? Everyone has a success story and everyone has a failure; how can we leverage these to extract a valuable learning lesson? Sean Martin chats with Jenny Radcliffe and Mikko Hypponen to hear what they’ve learned as they’ve engaged with users, companies, countries, and law enforcement from around the world.