Reinventing Privileged Access Management | A Dialogue With Martin Cannard, VP, STEALTHbits

A Their Story interview with Sean Martin

Today’s guest is Martin Cannard, Vice President, Product Strategy (Privileged Access Management) at STEALTHbits Technologies. Martin and I look at the past to explore how the world of access control and privileged access management (PAM) has changed, mainly driven mobile, cloud, and the Internet of Things.

Martin shares some stories about how organizations are changing the way they define and implement privileged access management solutions, turning the technology—and their operational infrastructure—on its side business to better support business requirements without opening up the gates too wide nor closing them down too much.

Ultimately, it’s about finding that “just right” access model that accounts for changes in risk, threat, context. This isn’t an easy task when faced with growing technical complexities, increasingly-demanding business processes, and the need to scale to meet both market and end-user demands.

After you listen to this story by STEALTHbits, check to see if your perception of privileged access management has changed—and, if so, how.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Ronan Cremin, Afilias

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Ronan Cremin, CTO, Afilias

Marco and I are fortunate in that we get to hear a lot of stories. Of course, as one of our mantras spells out, we are always on the lookout for stories that are better than others.

This story is that and a bit more. It is made of the stuff that nightmares are made off; to the point that Marco has been inspired to write a Cybersecurity Halloween Short Story after hearing this one. We shall see if that is actually going to happen. 

in the meantime, it’s probably a good to take a deep breath before you listen (or watch a snippet of) our conversation with Ronan to the nightmare people may have gotten themselves into. Maybe it that new phone deal you got online wasn’t that good of a deal after all. Perchance it was just a nightmare. Perhaps it wasn’t.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Yaron Kassner, Silverfort

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Yaron Kassner, Co-Founder and CTO | Silverfort

What if you could have your cake and eat it too? No matter how many times you hear this, it still sounds good. Conversely, however, we can’t even remember how many conversations we’ve had over the years, about passwords and how inconvenient and old-fashioned they are—both for today’s businesses and for personal lives operating in the digital age.

Unfortunately not much has changed and, for a while, it looked like the best way to deal with adding extra security to a password was to verify it with yet another password. It felt like we were trying to maximize protection while minimizing disruptions; seemingly, this was (and still is?) as impossible as tasting that sweet cake and still having it. Drats!

Well, times are changing, and technology is finally coming to the rescue. Here is a story about it.

With over a decade in the cybersecurity industry, today’s guest — Yaron Kassner, Co-Founder of and CTO at Silverfort — tells a story of a career path that takes him through the data science and machine learning halls of Microsoft and Cisco before co-founding the Isreali-based firm, Silverfort, in 2015.

It's a good story. Have a listen. Just input your password when prompted.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Will Glazier and Matt Keil, Cequence Security

A Their Story interview with Sean Martin & Marco Ciappelli
Guests: Will Glazier, Head of CQ Crime Research and Matt Keil, Director of Product Marketing | Cequence Security

During Black Hat, we had the chance to meet two of these individuals from Cequence Security: one is a security research veteran that has been with the company for a long time and the other a new-hire but with a long and solid history of looking after product marketing for another very well-known security brand.

During our chat, we get to talk about a lot of things, including the birth and evolution of a start-up; the potential liability a company may incur if they have a massive infrastructure built of IoT devices that get compromised, and; bots and other automated devices that can be turned into a cyber army with evil plans and unpleasant consequences for the Internet and its users.

It was a wild ride; a conversation that we truly enjoyed. We invite you to join us as Will and Matt take us up and down the rollercoaster of InfoSec.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Mahesh Rachakonda, CipherCloud

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Mahesh Rachakonda, CISSP, VP - Product & Solution Engineering | CipherCloud

With a background rooted in engineering, computer science, and middleware systems development, Mahesh Rachakonda, CISSP, VP Product & Solution Engineering at CipherCloud, has worked on several complex systems, including those found in hospitality, telecommunications, and even some military installments.

Taking the story beyond his role in the industry to that of CipherCloud’s story—which began back in 2010—Mahesh explains to us that the main company message and goal was all about enabling cloud adoption; something that initially took quite some effort to get organizations and people prepared and ready to trust this new operating environment.

As businesses adopted these cloud technologies, they also began to realize that there was a lot to understand concerning how and where security policies, controls, monitoring, and response were handled. This challenge is exacerbated given the sheer number of cloud environments running countless applications and services—which can vary dramatically depending on the industry and widespread use cases within each.

Listen to this story about Mahesh and CipherCloud. There is something interesting here for everyone — no doubt about it.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Jay Kim, DataLocker

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Jay Kim, CEO and Founder | DataLocker

For today’s story, Sean and I connect with a former pharmaceutical IT professional and now-CEO of DataLocker, Jay Kim. While focused on IT problems, Jay found himself in the crosshairs of the Y2K phenomenon and got a real taste for what the “A” meant in the information security CIA Triad (Confidentiality, Integrity, and Availability). As a consequence of his choice to be in IT, Jay found himself on a business trip where he met an engineer with a novel idea about manufacturing secure external hard drives.

The idea turned into a patented, secure external hard drive device that was a platform-independent device with a built-in keypad used for authentication—meaning all the users had to do was plug it in and type in their passcode to access the data on the drive. With this, the company, DataLocker, was formed.

There’s a decent amount of story told by Jay covering the years following their FIPS-validated product in 2009, and I would encourage you to listen to hear how the business was, founded and funded, how the team grew, and how the product line and overall solution set was enhanced. Listen up. We think you will find some inspiring words here. 

Their Story At Hacker Summer Camp | Las Vegas 2019 | Mounir Hahad, Juniper Networks

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Mounir Hahad, Head of Juniper Threat Labs | Juniper Networks

We’ve had a number of Their Story conversations with the team at Juniper Networks over the years; many of them happened to be with our good friend Mounir Hahad. We were happy to have the opportunity to sit down with him once more for another chat.

This time, however, we brought him back to the beginning of his career and what motivated him to chose this path. He speaks to living in a different country, separated from the rest of his family—and while leveraging technology as a means to keep in touch, when he realized how vulnerable the general public is against cybercrime. With this inner call, Mounir found his passion and mission: to be part of the solution to help combat cybercrime in business and throughout society.

By now, we know that the security ecosystem is never a static picture, but what does this constant change look like Have a listen to see if you agree with Mounir’s perspective; maybe now is a good time to double-check if you are doing everything you can when it comes to protecting your systems and data across the infrastructure you’ve deployed for your business.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Paul Russert, SecurityFirst

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Paul Russert, VP of Marketing | SecurityFirst

Most cybersecurity professionals we meet seem to have followed their passion when they stepped into this job—this career. Yes, this is the case for our today's guest—Paul Russert—who was blessed with an early retirement opportunity from the tech industry and found himself filling his time volunteering for Habitat for Humanity as a construction leader. While fulfilling, Paul realized that, after three years, he had "nobody to play with," and he needed to go back for more.

Paul was ready for the change—and the challenge—and made the jump back into the corporate world. He is now helping organizations protect the data they have with a solution that connects intelligent encryption with in-depth access control capabilities on top of existing identity management tools. This ensures that only those with approved access are allowed to see the data through an agreed set of applications bound to the time(s) specified within the approved policies.

Have a listen to our conversation as we try to find that perfect balance of capability and security driven by our a newfound desire to protect our personal privacy.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Darren Mar-Elia, Semperis

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Darren Mar-Elia, Head of Product | Semperis

We’ve said it many times and we won’t change our mind anytime soon: we go to conferences to meet old friends, make new ones, and have stimulating conversations. It can be a tour de force as we have a limited amount of time and an almost unlimited number of topics we can chat about. Yes, we can all agree that the InfoSec industry has become a variegated field with a great variety of people and stories. We sure love that, but when story time is also lunch time, it takes a special topic to get the the energy level up and starting the podcast by telling stories about the early days (1970’s) of the Atari 800 can have that reinvigorating effect. That’s exactly what Marco and I did when we spoke with Darren Mar-Elia from Semperis. That wasn’t all that we spoke about though—that was just the ice-breaker for the chat we had.

Thankfully, Darren is able to provide some seriously-valuable insight into the questions we had for him. However, for one final question, Darren had a different idea in mind.

Have a listen to hear what Darren’s plan is when this eventuality becomes reality.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Willy Leichter, Virsec Systems

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Willy Leichter, Vice President, Marketing, Virsec Systems

Keep it simple, they say. With technology—and cybersecurity—most of the time, this is way easier said than done; especially when you set out from the start to solve very complex problems. But you know what you can do? You can look at these problems from a different angle and make your mission and goal to find solutions that are simple to deploy and manage.

If a picture helps to describe what this looks like, you can use an analogy like Google Maps. Virsec maps what's supposed to happen within the app and then, in real-time—since they have it mapped—they can see if it's going off the rails, going somewhere different than where is supposed to go, or in our case, if it's doing what it's supposed to do. It's a fundamentally different view of security.

Listen to Willy and hear how he tells this story in full detail.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Andrew Brandt, Sophos

A Their Story interview with Sean Martin & Marco Ciappelli
Guest: Andrew Brandt, Principal Researcher | Sophos

ou’ve likely heard that cybercriminals run their underground businesses similar to those seen in public—they have employees, managers, executives—they have formal business processes, employ marketing tactics, use innovative technologies, and even employ machine learning, artificial intelligence, and automation to help them get the best return—they have a supply chain to help the cybercriminal community make the most of their business ventures—and, with this, of course, there is a ton of supply and demand up and down the cybercrime stack.

Don’t worry. For those of you that like to connect technology and research to the business end of things, we’re fortunate in that Andrew is able to take us down some intricate paths. Ready to dig deep beneath the underbelly of the world of cybercrime? Have a listen.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Dimitri Vlachos and Matt Mosley, Devo

A Their Story interview with Sean Martin & Marco Ciappelli

Guests: Guests: Dimitri Vlachos, CMO and Matt Mosley, VP of Products, Cyber Security | Devo

The timing was perfect to have this conversation about the role and success of the SOC analyst since the Ponemon Institute and Devo put together a new research-driven report covering this topic: Improving The Effectiveness Of The SOC. Marco was happy to join me to discuss the results with Dimitri and Matt, and we uncovered some additional elements to consider when a poor user experience is delivered with a security application or service. Without giving everything away, I will leave you with one word: burnout.

We looked at this issue with more vigor, exploring how the findings from this research, increased consideration for the SOC analyst and their career lifecycle, and a collection of better tools built with the user experience in mind can make the difference now and in the future.

Intrigued? If you use a security product or lead a team that uses security products, you should be. Have a listen and share this with your peers. They will appreciate it.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Sean Dillon (zerosum0x0) and Nate Caroe (The_Naterz), RiskSense

A Their Story interview with Sean Martin

Guests: Sean Dillon, Sr. Security Rǝsearcher and Nate Caroe, Security Analyst | RiskSense

Since the publication of a podcast I put out not too long ago where I explored the realities behind the BlueKeep RDP vulnerability, I was determined to find a time to connect with the leading research, Sean Dillon (aka zerosum) to get his perspective and an update on his research surrounding this vulnerability. Little did I know that we would not only be fortunate enough to connect with Sean to discuss BlueKeep during Black Hat in Las Vegas, but we would also get a chance to bring in Nate Caroe, who was also working on vulnerability research and open-source tool development to help identify and test these vulnerabilities.

This conversation gets even better as we dig deeper into BlueKeep than I thought we would/could—plus we got to discuss some other research and tool development on which this duo are working.

This is a great story that pulls back a few layers of technology. I hope you enjoy it and find it useful as well.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Stina Ehrensvard, Yubico

A Their Story interview with Marco Ciappelli & Sean Martin

Guest: Stina Ehrensvard, Founder and CEO, Yubico

Once upon a time, there was an idea. It was a good one. It was so good that it became a flawless product and an extremely successful company overnight.

And they lived successfully and happily ever after.

— The End

Do you want to hear this story, watch the movie, and even wear their t-shirt? Of course not. It is a bad story and most importantly, it’s not true.

The story of the latest “overnight success” took years to bring together. It happens to be the same overnight success that’s jumped countless hurdles and pushed through some really tough “because we’ve always done it this way” industry roadblocks.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Mario Vuksan, ReversingLabs

A Their Story interview with Marco Ciappelli & Sean Martin

Guest: Mario Vuksan, Founder and CEO, ReversingLabs

This is a story that started about ten years ago; however, in some ways it goes back a bit further than that—and perhaps we will never catch up with the present.

Is a story about a different approach to cybersecurity that has, at its core, a profound desire to understand how technology works and evolves; that places security center-stage in every discipline related—not only to computer science—but to all activities connected to the well-being and progressive development of our society.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Ashish Gupta, Bugcrowd

A Their Story interview with Marco Ciappelli & Sean Martin

Guests: Ashish Gupta, President and CEO, Bugcrowd

I received a DM on Twitter, saying: “I just wanted to thank you for allowing me to research on your platform, I just bought a car with the money that I earned.” 

The message was from someone in India, so I sent a note back: “You know, next time I'm in India, I'd love to get it a ride in the car and a cup of tea with you.”

Two days later, I get a message while I'm thinking, “Did I offend the person? Why did it take so long to reply?” But the note said: “Sorry for the delay, I had to ask my mother because, you see, I bought the car for her, [she] gave everything for me to learn how to be a researcher. So I had to ask if she would be able to give you a ride.”

This is just an anecdote that is part of a much bigger story shared with us by Ashish Gupta, Bugcrowd’s CEO, and an overall great guy.

Their Story At Hacker Summer Camp | Las Vegas 2019 | Karim Hijazi and Elizabeth Wharton, Prevailion

A Their Story conversation with Sean Martin and Marco Ciappelli

Guests: Karim Hijazi and Elizabeth Wharton, Prevailion

During Hacker Summer Camp 2019 in Las Vegas, Sean Martin and Marco Ciappelli spent some time with Karim Hijazi and Elizabeth Wharton to discuss the challenges associated with managing third-party business partnerships, with a focus on identifying the indicators of compromise as a means to evaluate the risk a partner brings to the table.

Their Story Chats At Infosecurity Europe | London 2019 | David Baker, Bugcrowd And Pete Beck, IOActive

A Their Story interview with Sean Martin and Marco Ciappelli

Guests: David Baker, Bugcrowd | Pete Beck, IOactive
Hosts: Sean Martin | Marco Ciappelli

During the Infosecurity Europe event in London, Bugcrowd and IOactive announced a new partnership that's designed to provide the brush and the roller and everything between — bringing the right security researcher talent to the right projects at the right time.

David Baker from Bugcrowd and Pete Beck from IOactive join Marco and me from the Olympia show floor to tell us more about the partnership and the direct benefits it can have for their customers. As usual, we like to peel back the onion a bit and, in doing so, we uncover a few indirect benefits the partnership has on Bugcrowd's and IOactive's business that then translate into additional benefits for their combined customer base.

Their Story Chats At Infosecurity Europe | London 2019 | Aftab Afzal, CEO, CyberCyte

A Their Story interview with Sean Martin and Marco Ciappelli

Guest: Aftab Afzak | CEO, CyberCyte
Hosts: Sean Martin | Marco Ciappelli

In this podcast from Infosecurity Europe, we like to look at the operational aspects of cybersecurity where Aftab gives us a view into what The Circle of Zero Trust is and how integrated network protections, access control, and biometrics, work together to build that circle — and how that fits into a variety of operational scenarios.

It’s an educational and thought-provoking conversation as we cross over from technology to cybersecurity, privacy, and society. We hope you enjoy it.

Their Story Chats At Infosecurity Europe | London 2019 | Charles Lawson And Jeff Sizemore, Egnyte

A Their Story interview with Sean Martin and Marco Ciappelli

Guests: Charles Lawson | Jeff Sizemore
Hosts: Sean Martin | Marco Ciappelli

In this podcast from Infosecurity Europe, Charles Lawson and Jeff Sizemore take us deep into the worlds of construction and healthcare (and beyond) to explore how these organizations have transformed their business to where they can securely store and share sensitive documents and information as a means to protect patient privacy, provide better health services, streamline projects, manage their already-slim margins, and avoid paying penalties due to errors or delays.

Both industries have gone—and continue to go through—a ton of digital transformation. Where have they succeeded? Where do they need additional improvements? We discuss this and a ton of other things relevant to most industries that rely on data and information to run their business.