In this episode I had to chance talk with Michael Leland about XDR.  Michael is the Chief Technology Strategist for McAfee. We spoke both at a high level and a lower level about Extended Detection and Response.  The goal of the episode is to help your SMB better understand if it is a good fit for your company.

Talking Points:

• What is XDR and is it more than just marketing fluff?
• What are all of the 'data points' XDR uses?
• Can it help with managing Cloud data security?
• Could it help with things like last week's Microsoft Exchange issues?
• Does it behave different on different devices like workstations and servers?
• How can it help with improving your response times?

In this episode I talk with former hacktivist Mike Jones.  Mike was a former cryptologist for the US Army and also a former member of the hacktivism group Anonymous.  Have you ever wonder why someone would get into hacking? Ever wonder what it's like to be 'talk to' by the FBI?  Well now is your chance to hear about it.

Talking Points:

• What is Hacktivism? What drew you to it?
• What is the most misguided conception of Anonymous/Hacktivism?
• While the movie ‘The Net’ with Sandra Bullock was fictional in the 90’s, you kind of had to live it for a while.  What was that like?
  • Meetings with the FBI and Secret Service
  • No Fly List
  • No Banking
  • Man with a country?
• Government experiments on hacker behavior
• FBI 'recruiting' tactics
• What are you doing with your time now?

For More Information on Haunted Hacker:

https://linktr.ee/H4UNT3Dh

In this episode I talk with Clinton Herget about secure coding, container security and the importance of having a DevSecOps mindset.  Clinton is the Principal Federal Solutions Engineer for Snyk. 

Talking Points (including SSDLC diagram):

• Software Vulnerabilities can happen even before your first line of custom code (Open Source Libraries)
• Review an example of a Secure Software Development Lifecycle Diagram (SSDLC)
• Pros and cons of using a Static Application Scanning Tool (SAST)
• Pros and cons of using a Dynamic Application Scanning Tool (DAST)
• Container Security:
  • Image scanning guidance
  • Pros and cons of containers

Podcast Sponsor Info:

 Snyk is a developer security company based out of Boston (Home of Great Chowdah) Massachusetts. Part of the sponsorship fees goes towards helping At Risk students in West Michigan.

In this episode I talk with Greg Franseth about the Solar Winds incident and how your business can learn from their mistakes.  Greg is the Senior Director of Professional Services and Internal Operations for Cadre Information Security

3 Segments:

• High Level Overview of What Happened
• Recent News of Chinese Involvement
• What Can You Do To Prevent It?

Talking Points:

• It's time to take Nation State actors more serious
• How did this happen and go undetected for so long?
• Do nation state actors 'truly' care about SMBs that are not attached to the government?
• Should the Solar Winds issue worry you more as an SMB?
• The bad guys are automating? Are you?

Ken Dickey's Blog About The Attack:

https://blog.cadre.net/exploring-the-ramifications-of-the-latest-supply-chain-attack

Episode Sponsor:

This episode is sponsored by Cadre Information Security. Cadre is a security solutions provider that focuses on network data security designs for businesses.  The company is based out of Cincinnati, Ohio.  As always part of the fee from sponsored episode go towards 'At Risk' students in West Michigan.

In this episode I talk with Allison Prout about security policies and a company's risk profile. Allison is an up and coming Cyber Security and Policies counsel for Beckage Law Firm. She specializes in IT Contracting for PCI-DSS, data ownership, cyber insurance and data protection and response.

Talking Points:

• What is your risk profile?  Do you know how to change it?
• Best Practices for Working with Third Party Risks [Both Proactive and Reactive]
• Robust Vendor Management Program
• Third Party Risk Assessment
• Strong Contracting Protocols
• Incident Response Plan

In this episode I have a co-host, Anthony Coggins, join me to talk with Steve Tobias about the first steps to take in building a Risk Management program.  Anthony is the Security Architect for Acrisure and Steve is one of the Lead Risk Analysts for Spectrum Health.

Talking Points:

Looking at Risk Management through the eyes of a brand new startup company we discuss:

• What is the first thing you should do?
• Awareness of understanding your risk posture 
  • Do it internal or hire a partner company? 
• What documents do you need to start off with?
• What are your security 'requirements' you need to discover?

Risk Management Resource Links:

Why CISOs must be students of the business | CSO Online

5 rules for a healthy CIO-CISO relationship | The Enterprisers Project

Small Business Cybersecurity Corner | NIST  - great resource to get started – free

Planning Guides | NIST

Stay safe from cybersecurity threats (sba.gov) – great resource to get started – free

DHS SMB Road Map 07-27-18 (cisa.gov)

Tips | CISA

In this episode I speak with Josh Geno about what it's like to be in a ransomware attack.  Josh is one of the Lead Security Engineers for Spectrum Health.  Josh has had the distinction of being in a ransomware attack as well as having to 'clean up' after one.  Josh has created a Ransomware Playbook that is open for use by anyone and is geared to sharing knowledge/lessons learned.

Talking Points:

• Walk Through The Incident 
  • Prepare 
  • Detect 
  • Triage/Prioritize 
  • Analyze 
  • Contain/Eradicate/Recover 
  • Post-Incident 
• How would you use these documents in your organization?
• Can be used as Net New or Augmenting (GAP Analysis) 
  • A scenario were Company A was already affected and didn't know it 
• Read the instructions first 
  • Flowchart will make 1000% more sense if you read the instructions 

Dropbox File Links:

Ransomware Playbook Instructions Link

Ransomware Playbook Link

In this episode we are going to take a look at cloud visibility and not the kind of visibility you think.  Not is the sense of something like a Cloud Access Security Broker. Rather visibility into your entire cloud infrastructure.  My guests are Matt Hallahan and Nilesh Deo from CloudBolt.

Talking Points Include:

• How can you get the 'Cloud View' of your different environments?
• How can you hold 'shadow IT' to a governance model? 
  • How quotas and automation can help 
  • How visualization can help 
• What things can you do to 'enable' self-service IT?
• How can an SMB start successfully 'looking' for resources that haven't been reported?

Podcast Sponsor:

This episode is sponsored by CloudBolt. CloudBolt is a Cloud Management Solutions company that is based out of Rockville, Maryland.  As always a majority of the proceed from the sponsorship go to 'At Risk' students here in Michigan.

In this episode I have a special co-host, Alex Ronquillo, and we spoke with Allan Liska about Threat Intelligence and how SMBs can use it.  Alex is a Internet Threat Hunter from rec.  Allan is a Threat Intelligence Analyst from Recorded Future.

Talking Points:

• Why as a SMB should you care about threat intel?
• What are the must have capabilities / resources that a company should have before investing in a threat intelligence platform?
• Are some SMBs starting to understand protecting their 'brand'
• What is everyone getting wrong their 3rd party suppliers?
• What are the biggest changes, if any, they've seen in 2020 regarding threat actors?
• Why Threat Intel needs to expand outside of your SOC in 2021
• Will AI mature in 2021?

In this episode I talk with Andy Winiarski and Craig Widmaier about Multi Factor Authentication and how a password(less) future is closer and simpler than you think.  Andy is a Senior Solution Engineer and Midwest Sales Director for Yubico.

Talking Points:

• What is Multi Factor Authentication and why should an SMB use it?
• What is the difference between a Yubikey and a different form of MFA (SMS, RSA Key, etc.)
• Why isn't MFA used more?
• What does 'password(less)' mean?

This episode was sponsored by Yubico.  Yubico is a global authentication leader based of out Sweden(!) with a US office in Palo Alto.  As always a majority of the proceeds from the sponsorship go to 'At Risk' students here in Michigan!