This week I'm joined by IANS faculty member and Incite Learning founder Dr. David C. Kolb to talk about his popular series of organizational engagement and leadership skills courses now in their second year at the IANS Information Security Forums. David shares his thoughts on new sessions for 2017 targeting negotiation skills and the ability to thrive in the chaos that defines most infosec environments.
We also get in some Super Bowl talk and discuss how David's years as an outdoorsman and Outward Bound program leader have informed his work helping corporate executives hone their soft skills.
This week, Securosis founder and CEO Rich Mogull joins us to elaborate on his popular new blog series "Tidal Forces: The Trends Tearing Apart Security as We Know It." The thought-provoking articles, which will form the basis of Mogull's RSA talk next month, focus on fundamental changes in the nature of endpoints and the grand transformation toward cloud-based, as-as-service IT delivery. These changes, Mogull posits, are inflection points that will roil the multibillion dollar IT security market and require a significant rethinking of infosec by both vendors and practitioners.
The always-entertaining Joff Thyer of Black Hills Information Security shares his insights on threat hunting in the enterprise and gives advice on how information security leaders and teams can get maximum benefit from penetration tests -- from preparation and documentation to teaching moments and after-action items. We also take on more Yahoo! follies, the ongoing drama that is vendor vulnerability reporting, and the OTHER Russian hack -- the Methbot criminal enterprise stealing millions in video advertising revenues.
IANS faculty infosec experts Marcus Ranum, Dave Kennedy and Aaron Turner join me for a special edition of the IANS Information Security Podcast to discuss the recent DHS-FBI report attributing election-season hacking to Russian state-sponsored actors. We talk about the quality of the government's evidence in the matter and examine ways private-sector security professionals might be able to leverage the report's indicators of compromise to bolster their network defenses... or not.