Cyber Security America

Episode 31, Welcome to season two of the Cyber Security America podcast.  In this episode, we explore the evolving landscape of cloud security, focusing on critical considerations for organizations migrating to Office 365 and Azure AD. Stay tuned as we unravel essential strategies and insights to bolster your security posture in the cloud.

 

In traditional on-prem environments, users authenticate to domain controllers within a network. However, replicating this infrastructure to Azure Cloud introduces significant changes. Now, users can authenticate from anywhere globally, leading to numerous failed authentications and increased MFA prompts. This new setup can cause account lockouts that do not synchronize back to the on-prem domain controller. Therefore, when moving to Office 365, it's crucial to consider Microsoft's Defender for Identity for enhanced security posture, compliance, threat detection, and vulnerability assessments.

 

One of the most significant security concerns is PowerShell. It's frequently used in legitimate administrative actions and by malicious actors. Hardening PowerShell is essential, and this includes enabling transcription, which captures input and output of commands, and script block logging, which ensures Base64 encoded commands are logged and can be decoded for analysis. This helps to detect and respond to malicious activities without relying on external tools like CyberChef.

 

Furthermore, enforcing script execution policies (restricted, bypass, remote signed, all signed) helps manage which scripts can run, though these policies are not foolproof security controls. The key is to use them as intended to prevent unintended script execution.

 

Constrained language mode is another vital hardening measure, restricting access to commands that can invoke Windows APIs, which are often exploited to download malware. For example, commands like `Add-Type` can load arbitrary C# code and are frequently used in attacks.

 

Additionally, integrating the Anti-Malware Scanning Interface (AMSI) into applications can help detect and prevent script-based threats by scanning unobfuscated scripts before execution. This is particularly useful in environments where PowerShell is heavily used, as it adds an extra layer of security.

 

Effective cybersecurity requires technical depth and business alignment. Start by understanding your industry's regulations and standards. Align your cybersecurity strategy with business risks and integrate threat intelligence, incident response management, and continuous attack surface management. This strategic approach ensures a comprehensive security posture.

 

Finally, as organizations migrate to Azure AD and other cloud services, several key security considerations must be addressed. This includes understanding architecture changes, monitoring data flow, and ensuring tool rationalization. Critical components often overlooked include proper deployment of MFA and firewall management. PowerShell security remains a top priority, requiring logging configurations that decode Base64 and using digital signatures to verify scripts.

 

Emerging technology threats, such as AI model poisoning and DNS over HTTPS, also need attention. Monitoring DNS logs for threat hunting is crucial, but the shift to DNS over HTTPS complicates this. Additionally, remote access solutions like RDP should be used in just-in-time mode to prevent continuous exposure.

 

In summary, moving to the cloud and adopting new technologies necessitates a robust cybersecurity framework that integrates traditional security measures with advanced threat detection and response capabilities.

 

#Cybersecurity #PowerShell #AzureAD #CloudSecurity #Office365 #DefenderForIdentity #MFA #ThreatDetection #ITSecurity #CyberThreats #CloudMigration #PowerShellSecurity #DNSOverHTTPS #AIThreats #RemoteAccess #ITCompliance #SecurityBestPractices #IncidentResponse #ThreatIntelligence

Join us for an illuminating journey into the world of cybersecurity and governance as we sit down with former Governor Pat McCrory, the 74th Governor of North Carolina. In this captivating episode, Governor McCrory offers his invaluable leadership insights on the pressing issue of cybersecurity, particularly within the context of state and local government. #informationsecurity #government #governor #northcarolina #charlotte #asheville #greensboronc #raleigh

Discover how the decentralized nature of government at various levels is adapting to the ever-evolving digital landscape. Governor McCrory's extensive experience in public service provides a unique perspective on the challenges and opportunities in safeguarding our digital assets. Explore the real-world implications of cyber threats, with a particular focus on potential threats to the Department of Transportation (DOT). Gain a deeper understanding of how government agencies like DOT are addressing and mitigating these emerging challenges. We'll also delve into the recent Government Accountability Office (GAO) Report on Cyber, analyzing its key findings and recommendations. This report is a must-read for policymakers and cybersecurity professionals, and our discussion will provide valuable insights into our nation's cybersecurity readiness. But that's not all! Governor McCrory has an exciting announcement to share. He will provide insights into a potential Presidential candidacy from the No-Labels political group, offering a unique perspective on the evolving political landscape and the role of cybersecurity in national politics.

Tune in to this exclusive episode and engage with Governor Pat McCrory's insights, questions, and the dynamic discussion surrounding critical issues at the intersection of cybersecurity, governance, and national politics. Don't miss this opportunity to gain a deeper understanding of the challenges and opportunities facing our digital world. Patrick Lloyd McCrory (born October 17, 1956) is an American politician, businessman, and radio host who served as the 74th governor of North Carolina from 2013 to 2017. A member of the Republican Party, he previously served as the 53rd Mayor of Charlotte from 1995 to 2009. While serving as mayor of Charlotte, McCrory served on the U.S. Homeland Security Advisory Council from 2002 to 2006 under President George W. Bush. He was the Republican nominee for governor of North Carolina in the 2008 general election. McCrory was again the Republican nominee in the 2012 gubernatorial election and won with 55 percent of the vote. McCrory became the first Mayor of Charlotte to win the state's highest office, as well as the first Republican to win the governorship of North Carolina since 1988. 

 

Welcome to the Cyber Security America show, a platform for exploring the dynamic and ever-evolving world of cybersecurity and information technology.

Welcome to our podcast, where we explore the fascinating world of generative AI and its profound impact on various fields.

Welcome to another episode of Cyber Security America with your host, Joshua Nicholson (https://www.linkedin.com/in/joshuanicholson/). In this episode, we delve into the world of cloud computing and its impact on cybersecurity.

In episode 29, host Joshua Nicholson welcomes Dennis Kraft, a Penn State graduate and former United States Army Captain who served with the 101st Airborne Division Air Assault in Afghanistan from 2010 to 2011. After his military service, Dennis transitioned to a career in cybersecurity, working for the Department of Veterans Affairs, the Department of Homeland Security, and private companies. He later founded Cyberkraft in 2019 with the mission of bridging the cybersecurity skills gap through elite training courses. Dennis discusses his mission at Cyberkraft, which is to help individuals obtain cybersecurity certifications to advance their careers and fill the growing cyber skills gap. He emphasizes the importance of hands-on training and mentorship, drawing parallels between military training and cybersecurity education. The conversation touches on open source tools versus commercial products, the need for foundational networking knowledge, and the challenges faced by those entering the cybersecurity field. The episode highlights the importance of investing in cybersecurity training and mentorship to prepare professionals for the ever-evolving field of cybersecurity. Dennis also mentions Cyberkraft's competitive pricing, financing options, and veteran discounts for their training programs, emphasizing their commitment to making quality training accessible. The podcast offers insights into the challenges and opportunities in the cybersecurity industry and the value of continuous learning and mentorship. The text discusses the challenges faced by a student in a self-paced entry-level course and suggests that instructor-led training might have been more suitable. The conversation highlights the importance of tailoring teaching methods to individual learning styles and mentions the incorporation of the VARC model (Visual, Audio, Reading, Writing, Kinesthetic) into courses to accommodate different learning preferences. The company, founded in 2019, specializes in cybersecurity training and emphasizes both passing certifications and gaining practical, real-world skills. The text also touches on the use of live labs and hands-on exercises, as well as the importance of understanding the thinking behind complex exam questions. Finally, it briefly discusses cloud certifications like CompTIA Cloud+ and CASP+ as well as the potential alignment of certifications with specific job roles

Welcome to episode 28 of the Cyber Security America podcast with your host Joshua R. Nicholson (https://www.linkedin.com/in/joshuanicholson/). He is excited to welcome Dayle Alsbury (https://www.linkedin.com/in/daylealsbury/), a distinguished cybersecurity expert with over two decades of experience in information security. Dayle has led diverse global teams, delivering innovative security solutions across highly regulated industries like education, healthcare, finance, banking, and energy. Currently serving as the CISO at Litmos, he plays a pivotal role in securely providing eLearning solutions and integrated Learning Management services to more than 20 million individuals in 150 countries. Before joining Litmos, Dayle spearheaded the cybersecurity program at Stride Learning, implementing an exceptional cybersecurity recovery and transformation roadmap that resulted in a remarkable 90% increase in NIST maturity within just 24 months. Prior to that, he held instrumental roles at Blue Cross Blue Shield of Louisiana, driving security innovation, risk reduction, cloud and mobile adoption, and cost-effective cybersecurity management. Dayle's expertise extends beyond a single organization; he also serves as a virtual or fractional CISO and strategy advisor to numerous organizations facing unique cybersecurity challenges. Over the past two decades, he has made substantial contributions to cybersecurity and IT leadership in small organizations and startups spanning various sectors. Beyond his corporate roles, Dayle is an IT regulatory compliance expert and mentor, offering valuable guidance to innovative organizations and professionals. He has also served as an Executive Member of the Blue Cross Information Security Advisory Committee, providing national-level thought leadership to Blue Cross organizations. His expertise further extends to collaborating on cyber skills training and competitions projects and sharing insights with renowned organizations such as CNN, NBC, Time Magazine, Gartner, Radio America, WWL Radio, and many others. In this podcast episode, Dayle and Josh delve into several critical cybersecurity challenges and captivating stories from the trenches: - Deep Fakes: We'll discuss the growing concern of deep fakes and their potential consequences, including incidents like the Ukraine war deep fake video of Putin. - Security Tool Pollution in the SOC: We'll explore the challenges associated with security tool proliferation in Security Operations Centers (SOCs) and strategies to maintain efficiency. - Spoilage & Deep Fakes: Dayle will share stories related to spoilage and deep fakes, highlighting real-world examples and their impact on security. Join us in this insightful audio podcast episode as we navigate the evolving landscape of cybersecurity, Cyber Security America video podcast located (https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg)

Welcome to our latest podcast episode (Episode 27), where Joshua R. Nicholson (https://www.linkedin.com/in/joshuanicholson/) embarks on an insightful journey through the dynamic world of #cybersecurity. Our distinguished guest, Joshua Copeland, brings his battle-tested expertise and extensive experience to the forefront. As the Director of Cyber at AT&T, Joshua plays a pivotal role in shaping security solutions for State, Local, Tribal, and Territory (SLTT) entities. In this episode, our two Josh's delve into the critical role of Governance, Risk, & Compliance (GRC) in navigating the cyber landscape. Joshua Copeland provides valuable insights into how GRC serves as a compass, guiding organizations to make informed decisions about where to invest their resources. GRC helps identify vulnerabilities, weaknesses, and risks, providing a roadmap for strategic investments in cybersecurity. Youtube video podcast (https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg) As Joshua Copeland aptly puts it, GRC helps quantify and understand the true nature of risks. Without this understanding, organizations may find themselves merely throwing money at the latest cybersecurity tools and gadgets. While cool toys and cutting-edge technology are appealing, they must align with an organization's unique risk profile and vulnerabilities. To effectively mitigate risks, organizations need to intrinsically comprehend their risks, their potential impacts, and the available mitigation strategies. This understanding enables them to select the right cybersecurity solutions tailored to their specific requirements. It's not always about having the most expensive Ferrari; it's about having the right tool for the right job, efficiently addressing the identified risks. But our episode doesn't stop there. Before we delve into Joshua's invaluable insights, we dissect the events of August 2023's Patch Tuesday from Microsoft. This episode explores the two zero-day vulnerabilities and a staggering 87 flaws addressed during that release. As we eagerly anticipate September's Patch Tuesday, we reflect on Microsoft's handling of these vulnerabilities, including the intriguing fact that only six were rated as critical. Our discussion extends to major updates from other industry players, including Adobe's security updates for Microsoft Acrobat Reader, AMD's security enhancements for new hardware, and Cisco's necessary security updates for their VPNs due to ongoing vulnerabilities exploitation. Join us for a thought-provoking discussion with Joshua Copeland, touching on cybersecurity insights, hiring practices, leadership, and pathways into the field. Discover how Joshua, an adjunct professor at Tulane University, teaches cybercrime and cyber leadership. #cybersecurity #grc #informationsecurity

Welcome to the 26th episode of How do you managed an operational threat intelligence program? In this installment, Joshua Nicholson (https://www.linkedin.com/in/joshuanicholson/) traverses the realms of business, technology, and those often-unnoticed opportunities that slip through the cracks. Today, our spotlight turns towards a paramount facet that frequently resides in the shadows: Threat Intelligence management. While the realm of Business Intelligence has flourished over decades, employing cutting-edge tools to unveil hidden insights within data, Threat Intelligence has seldom basked in the limelight of decision-making. But why does this crucial component remain relegated to the background? Join us on a journey to unearth the untapped potential and overlooked dimensions of Threat Intelligence. Our host engages in an intriguing dialogue with the distinguished Mr. Brian Mohr, an industry expert who illuminates the striking parallels between Business Intelligence and Threat Intelligence. Despite the availability of advanced technologies, Threat Intelligence remains an underrecognized powerhouse, yearning for its rightful acknowledgment. This episode (https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg). imparts the understanding that tools and technology wield great power, yet their impact rests on those who wield them. The conversation underscores the vital role of a Threat Intelligence analyst—a counterpart to a Business Analyst in the realm of threats. Just as a Business Analyst deciphers intricate data for informed decisions, a Threat Intelligence analyst decrypts threats and vulnerabilities, propelling proactive strategies. Our esteemed guest regales us with captivating anecdotes from workshops, where Intelligence teams dissect a corporation's 10-K statement—a goldmine of insights into a company's risks and pursuits. This reveals that Threat Intelligence isn't a distant relation; it's a sibling with its own unique challenges. Join us in dispelling the misconceptions around Threat Intelligence and discovering its potential to revolutionize decision-making. The time has come to honor a discipline that, like Business Intelligence, holds the key to well-informed choices. Tune in to episode 26, as overlooking Threat Intelligence is a regrettable oversight. Our guest today is Brian (https://www.linkedin.com/in/brianvmohr/), co-founder of Reqfast (www.reqfast.com), a program management platform tailored for intelligence and investigative teams. With over two decades in intelligence and security, Brian's journey began in the Marines, specializing in Counterintelligence/Human Intelligence. Transitioning to a financial services company, he implemented threat intelligence workflows. Brian ventured into an intelligence provider, creating workshops and understanding both sides of the threat intelligence relationship. Holding an MS in Cybersecurity, an MBA, and even an Associate of Arts in Chinese Mandari

Welcome to Episode 25 of the podcast, where we dive deep into the intriguing world of cybersecurity in the Middle East. In this installment, we're exploring the unique operational challenges faced by foreign companies operating in the region. Join us as we uncover the threats, risks, and intricate dynamics of this operating environment. Building upon our earlier discussion about the Volt Typhoon incident in May, we're shedding light on the intensified scrutiny surrounding Chinese threat activities. These activities are closely tied to the escalating tensions between China and Taiwan, fueling the urgency to analyze such threats. As the podcast unfolds, we venture into the burgeoning landscape of hyperscale presence within the Middle East. The discussion explores the establishment of data centers by tech giants like Google, Oracle, Azure, and Alibaba in countries such as Saudi Arabia, UAE, and Qatar. We uncover the motivations behind this rapid growth and the regulatory push to ensure data sovereignty, compliance, and job creation. Our guest for this episode, Camille Tamimi (https://www.linkedin.com/in/kameltamimi/), an esteemed cybersecurity professional with over two decades of experience, joins us from Dubai, the heart of Middle East cybersecurity and technological advancements. Camille brings a wealth of knowledge and insights into the regional digital transformation and modernization efforts. Threat Intelligence takes center stage as we delve into recent developments. ChatGPT's use in refining Arabic phishing attacks, the alarming employment of the 'Evil Proxy' technique to target VIPs and bypass MFA, and the activities of Threat Actor Storm0558, responsible for compromising O365 accounts at high-profile government entities, are just some of the eye-opening topics we'll explore. The global stage also comes into play, with Russian and Chinese naval exercises around Alaska raising concerns. We're thrilled to be joined by Kamel Tamimi, a seasoned professional with deep expertise and insights into the cybersecurity landscape of the Middle East. With a background spanning sales, engineering, and leadership roles, Kamel's presence adds invaluable depth to our discussion. Tune in to gain an in-depth understanding of the cybersecurity challenges, triumphs, and intricacies that define the Middle Eastern cybersecurity realm. Thank you for joining us on this illuminating journey into the heart of digital defense and transformation. To stay updated on the latest episodes of Cyber Security America, visit the Cyber Security America YouTube Channel (https://www.voiceamerica.com/show/4125) and subscribe to the Cyber Security America Apple Podcast (https://podcasts.apple.com/us/podcast/cyber-security-america/id1668216285). Connect with Joshua Nicholson on LinkedIn (https://www.linkedin.com/in/joshuanicholson/) #Cybersecurity #MiddleEast #Threats #DataSovereignty #TechAdvancements #DigitalTransformation #PodcastEpisode #ForeignOperations