This week we're joined by Rapid 7 founder and new IANS Faculty member Chad Loder to discuss the changing vulnerability scanning and management landscape and the need for more holistic, better integrated security awareness programs. Chad and I also touch on the goings on at last week's Blackhat and DEF CON events and talk about ways CISOs can improve their stature -- and their value prop -- within their organizations.
IANS Faculty Mark Clancy hops on the broadcast this week for a no-nonsense analysis of this week's global Petya-like ransomware attack. Mark brings his decades of experience as a security consultant, enterprise defender and threat intelligence expert to this discussion of the evolution of cyber-weapons, the limitations of real-time incident response and the tough choices teams make to balance protections and productivity.
It's dangerous world out there, and guys like Jon Condra are here to help us make sense of it. The Director of East Asian Research and Analysis at risk and threat intelligence firm Flashpoint, Jon joins me this week to talk about the recent Flashpoint Business Risk Intelligence Decision Report he authored and share his insights on emerging threats from Russia, China, North Korea and a host of other international bad actors.
After a busy week in infosec, we needed help sorting the wheat from the chaff. Enter IANS most prolific and acerbic faculty member, Dave Shackleford, to deliver the smackdown of truth on proposed updates to the ubiquitous NIST Framework, the present and future states of ransomware in the age of WannaCry, and the real value of President Trump's new cybersecurity executive order.
The WannaCry ransomware attack garnered global attention, but what should organizations be doing today to defend themselves against these types of attacks in the future? What’s the likelihood of a copycat attack in the near future? Was this simply a test for future, larger attacks?
IANS Faculty Dave Kennedy, president and CEO of TrustedSec and frequent guest on major news networks such as CNN and Fox, stops by the IANS studio to review the latest details surrounding the WannaCry attack and offer tips for thwarting future attacks, from disabling SMB-1 to implementing application whitelisting.
Special Guest David Dewey, head of research at Pindrop Security, drops by to talk about Pindrop's comprehensive report on the frightening state of call-center fraud. We discuss how phone fraudsters, aided by VOIP and other call-manipulation technologies, are costing large enterprises millions in account takeovers, fraudulent purchases and returns, bogus money transfers and the occasional mayhem just for the lulz.
If it's springtime in New England, it must be time for faculty member Kevin Beaver to join us on the podcast to examine the Verizon Data Breach Investigations Report better known as the DBIR. This week we dive into the 10th annual report and talk about what the findings say about our seeming inability to eradicate even basic security shortcomings like lousy passwords, porous web apps and our insatiable penchant for clicking on stuff. Any stuff.
Kevin and I also spend a few minutes talking about the Trump administration's efforts to improve security in federal government agencies and departments. And Kevin tells us why his passion for racing souped-up Mazda Miatas maybe isn't so crazy after all.
The IANS Podcast hits the road this week, meeting up with cloud expert and presentation powerhouse George Gerchow at our Washington DC Forum for a wide-ranging discussion of all things enterprise cloud security. George shares insights into the white-hot Cloud Access Security Broker (CASB) market, and dishes on behind-the-curtain action at the Big 3 cloud providers.
George also dives into SecDevOps, and talks about the need for coding savvy for infosec leaders in the new "security as code" world. He also shares how his other life pursuit as an accomplished musician informs his work as an information security thought leader.
This week, IANS Faculty Raffy Marty stops by to dish on the buzz -- and the hype -- surrounding machine learning and artificial intelligence in security. The VP of all things analytics at Sophos also talks improvements in visualization, trends in endpoint protection, and the need for better asset inventories and data classification in today's enterprises.
Well-known IT security and services expert Lawrence Walsh joins me this week to share his deep insights for vetting and working with managed security services provider (MSSPs) in a variety of settings. Larry and I also share a wide-ranging discussion of infosec industry trends, hits and misses from the recent RSA Conference, and the impact of the Trump administration on the tech sector.