Whether you are an individual who is always on your phone, an IT professional who lives through your laptop, or an organization that manages a vast amount of cl...
Cyber leaders: Stop being your own worst career enemy. Here’s how.
Technically proficient people often face challenges when looking for (or being elevated to) leadership roles.In the cyber realm, this can become even murkier. We have hackers, who often view rules as guideposts (or even challenges, for that matter); incident responders and threat intelligence officers who tend to have great regard for rules and a well-developed (if not regimented) approach to unraveling mysteries; and product engineers who are astute at design and technical issue resolution.The net is this: Cyber brainiacs are really good at solving problems. And less good at inspiring (or even allowing) others to solve them.In this episode, host Mitch Mayne talks with Brian Donovan, author of "Leadership Is Changing the Game - The Transition from Technical Expert to Leader." They explore some of the critical components of cyber leadership—including Donovan’s perspective that the trick isn’t to develop an entirely new skill set—or superpower, as he puts it—but to hone your existing superpower and learn how to influence and inspire.If you’ve ever wondered how to get out of your own way and transition into cyber leadership, this may be the episode for you.Take a listen—and venture Into the Breach.Things to listen for:[00:05 - 01:20] Introduction[03:05 - 05:34] Mitchs' journey to leadership in the cyber world[06:07 - 07:42] Challenges technically smart people might run into when stepping into a leadership role[08:24 - 12:43] Turning your strengths into superpowers in leadership[18:09 - 20:50] Imposter syndrome within cyber leadership[29:02 - 31:10] What Brian learned from his best manager[32:20 - 34:49] Advice to be a great leader in cyber
--------
36:19
The Quantum Quandary: How researchers are bridging the supercomputer security concerns
Quantum computing relies on quantum physics for computational power and computes much faster than classical computers. It’s predicted to provide major breakthroughs across society, science and business. At the same time, it poses a risk to key cryptographic algorithms we depend upon for the safety of our digital world. Meaning, it has the potential to render existing communications as insecure as if they weren’t encoded at all.In this episode, host Mitch Mayne talks with one of the scientists working on quantum-safe encryption algorithms. Dr. Walid Rjaibi has spent considerable time experimenting with these algorithms and creating prototypes for transitioning current software to quantum-safe standards. They talk in-depth about the security risk quantum poses, how researchers are addressing that risk, how policy can (or should) shift to make standardization a reality, and what organizations might struggle with as they shift toward quantum—and how some of those struggles might be addressed.Things to listen for:[00:05 - 01:34] Introduction[03:55 - 06:05] An overview of quantum computing[06:45 - 11:30] Cyber risks associated with quantum[15:03 - 18:42] Algorithms that are quantum-safe[19:09 - 21:54] Encryption algorithms, RSA deep dive[25:18 - 26:15] Effective policy regulations[26:42 - 29:30] Where to begin when learning about quantum
--------
31:18
Threat sharing evolution: How groups offer less risk and better intelligence to members
It’s been eight years since the Cybersecurity Information Sharing Act was signed into law, and today we have a thriving network of public/private threat sharing groups—like the Joint Cyber Defense Counsel (JCDC) and National Artificial Intelligence and Cybersecurity ISAO (NAIC/ISAO), offering platforms where member organizations can both share threat information and gain access to the larger collection.Yet, perception challenges still exist for threat sharing groups. These include both liability and confidentiality concerns, with some organizations wondering if information shared in a group could be traced back to—and used against—the organization that shared the data in the first place.In this episode, host Mitch Mayne talks with Michael Thiessmeier, Co-founder and Executive Director of the NAIC/ISAO, about the history of threat sharing and how the “public good” has benefitted. They also explore the perceived hurdles to entering threat sharing groups and explore whether or not those are legitimate concerns.Things to listen for:[00:05 - 01:41] Introduction[03:23 - 05:54] Notable wins as a result of groups sharing intelligence[06:19 - 07:23] What information to consider sharing in an information-sharing group[11:00 - 14:03] Has trust been restored that the government does the right thing in terms of privacy and surveillance?[20:09 - 21:23] Michaels information products[22:15 - 23:20] Why threat sharing is important
--------
24:30
Your private information is probably being sold on the dark web. How can criminals use it?
Late last year, a well-known ride share app and a gaming company were hacked using well-crafted social engineering attacks. Stephanie Caruthers—known online as “Snow,’ is a professional hacker herself and has a solid working theory on how the attacks happened. Stephanie’s take: the criminal may have purchased already stolen credentials of users off the dark web, used that data to research the target victims, and then combine those sources of information to engineer highly targeted attacks.Which raises the question: Is your information out on the dark web, and how can it be used by a criminal?Let’s find out. Join us as we venture, Into the Breach.Things to listen for:[00:05 - 01:36] Introduction[01:55 - 02:30] The genesis of online name Snow[05:42 - 06:41] Spearfishing vs. social engineering[07:21 - 08:21] What Snow knows about Uber and Rockstar hacks[08:45 - 10:37] Snow's thoughts on TeaPot purchasing credentials from the dark web for who they were targeting[11:04 - 12:20] What Snow looks for to find information from a social media perspective[19:37 - 22:43] Advice on how to avoid being attacked[21:00 - 22:43] How the attacks happened[23:38 - 24:38] For the average citizen: What to do or not to do
--------
27:54
Operational Technology: The evolving threats that might shift regulatory policy
Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022—a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure.Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are behind us, and the threats to OT and ICS are real and ongoing.Roya Gordon and her team at Nozomi Networks keep a close eye on these kinds of threats, and recently released their biannual OT/IoT Security Report that examines what’s happened in the landscape for this sector in the latter half of 2022.She joins me in this episode to talk in-depth about what her team found—including the latest on the types of attacks hitting OT and IoT, what effect increased regulation may have on industries in this sector, how Russia’s invasion of Ukraine continues to change the landscape, and what may be on the horizon for cyber insurance. And maybe most importantly, she helps us understand what OT/IoT organizations can do to stay safer.Join us—and together we’ll venture Into the Breach.Things to listen for:[00:05 - 00:44] Introduction[01:00 - 02:50] Important pieces from Nozomi's security report[03:23 - 05:21] Threat actors Roya sees at Nozomi[06:16 - 08:10] Roya explains being anti-cyber insurance[11:40 - 15:21] Sector-specific plans: What do we know and are they needed?[16:19 - 17:21] International efforts for a safer sector[20:45 - 23:06] Advice for loT and OT friends
Whether you are an individual who is always on your phone, an IT professional who lives through your laptop, or an organization that manages a vast amount of clients and services, a security breach can happen at any moment. Many of us think that we are prepared, but are we really? On this podcast, you’ll hear from a variety of cybersecurity professionals to better understand the underground world of cyber and you’ll walk away better prepared with tales, tools, and support to help you thrive in the face of uncertainty…
South Africa