This week, Securosis founder and CEO Rich Mogull joins us to elaborate on his popular new blog series "Tidal Forces: The Trends Tearing Apart Security as We Know It." The thought-provoking articles, which will form the basis of Mogull's RSA talk next month, focus on fundamental changes in the nature of endpoints and the grand transformation toward cloud-based, as-a-service IT delivery. These changes, Mogull posits, are inflection points that will roil the multibillion-dollar IT security market and require a significant rethinking of infosec by both vendors and practitioners.
The always-entertaining Joff Thyer of Black Hills Information Security shares his insights on threat hunting in the enterprise and gives advice on how information security leaders and teams can get maximum benefit from penetration tests -- from preparation and documentation to teaching moments and after-action items. We also take on more Yahoo! follies, the ongoing drama that is vendor vulnerability reporting, and the OTHER Russian hack -- the Methbot criminal enterprise stealing millions in video advertising revenues.
IANS faculty infosec experts Marcus Ranum, Dave Kennedy and Aaron Turner join me for a special edition of the IANS Information Security Podcast to discuss the recent DHS-FBI report attributing election-season hacking to Russian state-sponsored actors. We talk about the quality of the government's evidence in the matter and examine ways private-sector security professionals might be able to leverage the report's indicators of compromise to bolster their network defenses... or not.
Well-known security researcher and IoT expert Chris Poulin joins me this week to discuss the real issues around securing connected devices and embedded systems. Chris also talks about the challenges of increasingly connected automobiles and shares his optimistic view of Internet of Things as a beneficial platform for innovation.
Prolific IANS faculty member Aaron Turner brings his broad infosec expertise and sharp commentary to the 'cast this week on subjects ranging from the scourge of ransomware to the death of Microsoft's EMET. Aaron also addresses the sorry state of PIM/PAM in the enterprise and our failings in mobile device management, and gives us a sneak peek at his Internet of Criminal Things talk at next year's RSA Conference.
Faculty member Kevin Johnson brightens the podcast studio this week for a rollicking conversation about incident response, penetration testing, and the value of business acumen for security leaders. A dedicated Star Wars fanatic, Kevin also talks about his charity work, including an upcoming 5K for the Arthritis Foundation that he'll "run" in full Darth Vader gear.
If you want to help Kevin and his team raise a few bucks for a great cause, go here.
IANS Senior Faculty Dave Shackleford joins the 'cast this week to talk about global DDoS threats, password policy problems, privileged credential management and the rising popularity of defensive threat-hunting efforts. Dave also shares his plans for presenting advanced web app pen testing techniques at IANS' first-ever London symposium next month.
The inimitable Hacking Dave himself, IANS Faculty member Dave Kennedy, joins us this week to talk about the recent password follies, ethical issues around vulnerability disclosures, and his advice for effective penetration testing and purple teaming. Dave also shares insights into the hyper-positive culture and vibe of DerbyCon and talks about witnessing the big win last June of his hometown Cleveland Cavaliers.
On the show this week, IANS faculty member Ken Van Wyk talks NSA vs. Shadow Brokers and shares his approach to crafting effective incident response exercises. Ken also tells us how he helps organizations tackle the elusive art of threat modeling in the enterprise. Also joining us this week, social media expert Ginger Stevenson on IANS efforts to engage clients and faculty on Twitter and LinkedIn.
Security journalist, analyst and pundit Paul Roberts joins the IANS Podcast this week to talk about the state of security in all things connected and embedded. The editor of The Security Ledger also gives us a preview of the agenda for the 3rd Annual Security of Things Forum next month.