Phillip Wylie Show

Managing Threat Exposures with Flare



About the Guests:
Norman Menz and Nick Ascoli are seasoned cybersecurity professionals and entrepreneurs with experience dating back to the early days of the industry. Norman Menz is the CEO of Flare and his career spans system configuration, offensive security, vulnerability prioritization, and third-party risk assessment. He founded and led companies like Prevalent and Delve, which focused on vendor risk assessment and vulnerability prioritization, respectively. Nick Ascoli, the founder of Fortrace, started his journey with a background in Linux distros and programming. He pursued Security and Risk Analysis (SRA) at Penn State University, with a passion for red team operations and an emphasis on external exposure and data. Professionally, Nick has engaged in detection engineering and has been deeply involved in attack surface management.
Episode Summary:
In an engaging dialogue between cybersecurity leaders, Nick Ascoli and Norman Menz share their insights into the ever-evolving landscape of cybersecurity. The episode delves into the need to better understand external threats and to leverage adversarial-focused techniques to stay ahead of cyber risks. The conversation around reconnaissance, red teaming, and attack surface management is intertwined with personal career anecdotes, illustrating a shift towards more proactive and data-centric approaches to cybersecurity.
The transcript reveals a shared origin story for both guests' companies, originating from the desire to provide an "adversarially focused view" of external footprints in cybersecurity. In an age where conventional risk quantification isn't enough, operations at an enterprise's security level require innovative solutions. The merging of Fortrace and Flare is discussed as a groundbreaking step towards unifying valuable data and expertise to enhance the industry's approach to threat exposure management, pen testing, and understanding the full scope of external exposures.
Key Takeaways:
The utilization of cybersecurity tools for reconnaissance is key for red teamers and for organizations aiming to understand what's exposed.
A fundamental aspect for both Fortrace and Flare was the emphasis on data that is "operationally relevant to the SOC - to actual operational level security ops."
There's a trend in cybersecurity to educate users on the difference between a vulnerability assessment and a pen test, and when each is appropriate given the maturity of an organization's security posture.
The guests emphasized the need for a "universal search" for external exposure that simplifies finding exposed data across the clear and dark web, useful for red teamers and risk managers alike.
The acquisition of Fortrace by Flare marks the first in the Continuous Threat Exposure Management (CTEM) space, aiming to centralize and streamline the approach to understanding external exposure.
Notable Quotes:
"As red teamers sort of desperate for a more adversarially focused view of your external footprint."
"There was a lot of education of just the difference between a vulnerability assessment and a pen test."
"We were educated for a while, and then the exposure started to grow, where everyone started to realize there's a lot of different flavors of exposure."
"…How do I take the intuition of a red teamer and enable it for anyone who's using a platform in a very simple manner?"
Resources:
Flare Website: https://flare.io/
Special Promotion: A self-service trial provided by Flare: https://try.flare.io/pw/
Flare LinkedIn: https://www.linkedin.com/company/flare-io/
Norman Menz's LinkedIn: https://www.linkedin.com/in/norman-menz-92829014/
Nick Ascoli's LinkedIn: https://www.linkedin.com/in/nick-ascoli-28a78b93/
Phillip Wylie Show, by Phillip Wylie
