Mia Landsem joins host Manoj Tandon in this episode of Security Confidential. From Norway, Mia discusses how a series of unfortunate events led into an astonishing Career choice. Mia has used her skills in cybersecurity to help many people. She has focused her attention on image abuse which led to a nomination in 2021 as Cybersecurity Women of The Year. She is a best selling author, has numerous TV appearances, lectured at over 300 schools, and has helped train law enforcement on pursuing criminals posting pictures of minors.

00:00 Introduction 

01:16 How Mia got into Cybersecurity 

03:17 Making The Olympic Team 

04:27 Learnings from sports training applied to cybersecurity 

07:20 Advice on Cyberbullying 

09:30 Law enforcement response to Cyberbullying  

11:00 The Law and illicit pictures of minors 

16:54 Using Cyber knowledge to stop Image Abuse 

22:21 Changing the Laws on Image Abuse 

24:14 Working with the Police  

29:51 Cybersecurity Woman of the Year  

31:03 Privacy rules and catching pedophiles  

36:20 Moving forward  

42: 45 How illicit pictures are propagated  

53:23 Can pedophiles recover? 

55:00 Contacting Mia

Laura Tich, founder of SheHacks_KE and Cybersecurity Women of The Year Nominee joins host Manoj Tandon on this episode of Security Confidential. Laura along with SheHacks_KE has helped over 400 people on their Cybersecurity Career journey. She discusses:

00:00 Introduction

01:30 What led to the nomination of Cybersecurity women of the Year?

03:27 Why focus on Information Security

05:40 High tech environment in Kenya

08:20 The work of SheHacks_KE

10:44 Cybersecurity threats Kenyan business face

13:30 Cybersecurity awareness in Kenya

15:16 Personal security challenges

17:14 The people impact of SheHacks_KE

18:37 Ransomware impacts in Kenya

22:00 Providing defense in depth to organizations in Kenya

26:15 Supporting SheHacks_KE

Sean Sweeney is a frequent author and speaker on cybersecurity. In this episode of Security Confidential Sean talks about cloud security. He has a deep background in cloud security. Sean currently leads the Field CISO and Cloud Security Advisor group within Oracle North America Cloud Engineering.  In his prior role Sean was with Microsoft where he was the Global Chief Security Advisor. Sean is a previous Chief Information Security Officer at the University of Pittsburgh, and Litigation Support Applications Manager for the U.S. Department of Justice. Sean began his career as a Database Administrator for ExxonMobil and the U.S. Department of the Interior.

00:09 Sean Sweeney’s Background 

01:38 From DB Admin to CISO 

05:00 Helping Dave Hickton prosecute cyber criminals 

06:52 The future of cybersecurity 

07:20 SAS, PAS, IAS-Your responsibilities in cloud cybersecurity 

13:33 If IP is exfiltrated from the cloud app, whose responsible? 

14:30 What gets popped in the cloud environment?

15:23 What is the difference between zero trust and SASE? 

19:45 What is the order of implementing elements of SASE or Zero Trust 

23:10 The role of MDM in BYOD 

26:54 Too much friction is a risk 

32:27 Should the CISO work for the CIO? 

36:58 How do you secure hybrid cloud environment? 

42:34 Accelerator Program at Oracle 

45:49 Dealing with Ransomware 

50:26 Struggling with vulnerability management

To learn more about Dark Rhino Security

#SecurityConfidential #DarkRhinoSecurity

Strategist and best-selling author Michele Wucker coined the term “gray rhino” for obvious, probable, impactful risks, which we are surprisingly likely but not condemned to neglect. The metaphor has moved markets, shaped financial policies, and made headlines around the world. It became a frame for the ignored warnings that led to the COVID-19 pandemic and a lyric in a hit BTS single about depression. Michele’s 2019 TED Talk has attracted 2.5 million views. She is the author of four books including the global bestseller THE GRAY RHINO: How to Recognize and Act on the Obvious Dangers We Ignore; and the new book YOU ARE WHAT YOU RISK: The New Art and Science of Navigating an Uncertain World. A former media and think tank executive who began her career writing about emerging market finance, Michele is founder of the Chicago-based strategic advisory firm, Gray Rhino & Company. She speaks regularly to high-level audiences on risk management, the global economy, and decision-making, and is quoted often in leading media. She has been recognized as a Young Global Leader of the World Economic Forum and a Guggenheim Fellow, among other honors. Visit her website at www.thegrayrhino.com or www.wucker.com; follow her on twitter @wucker.  

00:00 Introduction

01:22 How the name Grey Rhino was coined 

05:45 Why companies put off dealing with Risk 

10:55 What is an individual’s risk fingerprint 

12:26 Does nature or nurture win on defining One's risk fingerprint? 

14:01 Are there one or two that stand out in shaping One's risk fingerprint? 

21:28 Millennials and risk  

24:58 The risk muscle 

28:09 Building your risk muscle 

34:05 Genetics and risk 

40:00 How to change an organization's risk fingerprint 

45:30 https:/Thegreyrhino.com 

45:53 Newsletter Around my Mind

Naomi Buckwalter joins Security Confidential as a guest on this episode. Naomi has over twenty years of experience in Cybersecurity, two degrees from Villanova, and has worked at great companies like Vanguard. She brings her wealth of knowledge on Cybersecurity and discusses all the foundational elements of a great cybersecurity program from hiring the right people, Cybersecurity's effects on everyday life, shifting left in Cybersecurity to enhance it, using Cybersecurity as a revenue generator, all the way to quantifying risk and explaining it to the C-Level. There is something in this discussion for everyone interested in Cybersecurity.

00:00 Introduction 

01:18 The demand gap in Cybersecurity for personnel 

12:06 Cybersecurity bleeding into everyday life  

19:11 Gatekeeper and created hindrances in Cybersecurity 

19:45 Crafting a defense in depth architecture 

23:00 The importance of explaining of the why in Cybersecurity to people 

25:00 Christian Espinosa The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity 

25:46 Diversity of thought 

28:00 Convincing executives to take on fresh Cybersecurity talent 

32:00 Is being a women in Cybersecurity is a plus? 

37:20 Shifting left in Cybersecurity-what is that? 

44:10 Quantifying and communicating cyber risk to the c-level 

46:14 Understanding corporate revenue channels and their importance to Cybersecurity 

47:37 Using Cybersecurity as a revenue generator 

51:38 Cybesecuritygatebreakers.org

#SecurityConfidential #DarkRhinoSecurity 

Charles Herring, CTO of witfoo, joins this episode of Security Confidential. Charles started his career in Information Security in 2002 with the US Navy, serving as the Network Security Officer at the US Naval Postgraduate School. Charles has been a contributing product reviewer for InfoWorld Magazine and spent 7 years running Herring Consulting a firm dedicated to process orchestration. Charles is dedicated to maturing the craft of Infosec.

00:00 Introduction 

02:12 Getting a start in Cybersecurity and transition to civilian life  

13:22 7 unstable conversations in Cybersecurity 

14:40 Establishing a unit of work-increasing deterrence 

20:04 Law Enforcement success with cyber crimes-Sharing Information 

24:34 How to vet the quality of Threat Intelligence 

26:47 Dealing with the Unknown-Unknowns-Zero Day Attack 

33:26 1st unstable conversation-understanding all the data from the toolsets 

36:36 2nd unstable conversation-managing the investigators 

37:28 3rd unstable conversation-security practice communicating with the business 

40:23 4th unstable conversation-security vendors lie 

41:42 5th unstable conversation-challenges in sharing information by orgs 

42:00 6th unstable conversation-law enforcement sharing information 

42:04 7th unstable conversation-law enforcement lacks evidence to prosecute 

43:30 What is witfoo? 

48:24 https://www.logfibber.com 

50:10 Breaking in Bad

Manoj Tandon, one of the founders of Dark Rhino Security, appeared on Pittsburgh Technology Council's TechVibe Radio on ESPN 970. This is a complete repost of the show which is wholly owned and operated by the Pittsburgh Technology Council. The Mythbusting in Cybersecurity starts at time marker 15:55. Please subscribe and leave your comments.

#SecurityConfidential #DarkRhinoSecurity

Fredrik Oedegaardstuen joins Dark Rhino's Security Confidential to discuss Open Source software in cybersecurity. Fredrik the is the CEO of Shuffle, an automation platform. He has been a software engineer and has extensive experience in SOC operations in an MSSP environment. Fred discusses many topics ranging from monetizing open source software, myths with open source, architecture and design, silver bullets in cybersecurity, and provides cautionary advice.

02:34 Why Tokyo 

04:13 Open source and cybersecurity 

06:37 Monetizing Open Source Software 

12:17 Myth of Open Source tools being not that secure 

13:29 Shuffle-The security automation platform 

18:40 Architecture of Shuffle inspired from the NSA 

26:21 Integration of disparate systems 

32:26 Tools and Silver Bullets in Cybersecurity 

34:09 Does the role of the analyst change with Shuffle?  

40:04 Cautionary advice on automation

Frikkylikeme is Fredrik's Twitter Handle

Hans Vargas Silva joins this episode of Dark Rhino Security's Security Confidential Podcast and Videocast. Hans is a leader in cybersecurity leader. He has extensive experience in the field. Hans has worked with Sallie Mae and is currently with Marathon Petroleum. He has a great academic background with degrees and certificates from Purdue, MIT, and Harvard. He provides his thoughts and experiences on protecting critical infrastructure from cyber intrusions, compliance and cybersecurity, giving back to the community and much more.  

01:13 How Hans got into Cybersecurity 

04:00 How education shapes a career in Cybersecurity 

08:56 Critical Infrastructure and Cybersecurity 

19:40 Compliance is a low bar for Cybersecurity 

23:57 Incomplete deployments of Cybersecurity solutions  

24:49 How to communicate cyber risk 

29:58 The dilemma of regulators 

34:44 Sharing security information with the Federal Gov’t 

39:20 Contributions to infosec from academia 

42:25 Giving back and volunteering  

To learn more about Team Rubicon

Amelia Jarboe appears on this episode of Security Confidential. Amelia is a Cybersecurity Controls Engineer. She has held many positions in the field of cybersecurity. She is a graduate of The Ohio State University. In addition, to her work as a cybersecurity controls engineer she is on the Steering Committee for Machine Learning and is speaking at the ISSA Central Ohio Infosec Summit.

00:00 Introduction 

01:10 How Amelia got into Cybersecurity 

03:57 A passion for protecting people with Cybersecurity 

06:47 OSU's Cybersecurity Program 

07:40 Imposter Syndrome in Cybersecurity 

12:25 Compliance and Cybersecurity 

15:20 Continually verifying and validating the controls in place 

16:17 Top metrics in Cybersecurity 

17:47 A technique to convince decision makers about cyber spend 

21:25 Controls to begin a Cybersecurity program with-Spikes and Gaps 

26:38 Guidance on frameworks in Cybersecurity 

30:20 Cybersecurity is an everyone problem 

32:27 Individual privacy and Cybersecurity 

36:37 Causes for Cybersecurity incidents 

39:12 Engaging the end users in Cybersecurity 

41:13 Machine learning 

43:13 Mentorship at the High School and Elementary School levels 

49:24 The freedom to fail as a base for great success 

50:00 ISSA in Central Ohio appearance

To learn more about Dark Rhino Security