Technology
Business
Sean Martin, ITSPmagazine
Redefining CyberSecurity Podcast
Hosted by Sean Martin, CISSP

Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively? For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security.

Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty. Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.
Total 534 episodes
09/08/2022

Cloud Village At DEF CON 30 | Chats On The Road | A Conversation With Jayesh Singh Chauhan | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

Join us as our guest, Jayesh Singh Chauhan, takes us through all that this year's village has to offer.

About the Cloud Village
Cloud Village is an open space to meet folks interested in offensive and defensive aspects of cloud security. The village is home to various activities like talks, workshops, CTFs and discussions targeted around cloud services.

If you are a professional who is looking to gain knowledge on securely maintaining the cloud stack and loves to be around like-minded security folks who share a similar zeal towards the community, Cloud Village is the perfect place for you.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22
____________________________
Guest
Jayesh Singh Chauhan
Founder, Cloud Village [@cloudvillage_dc]
On LinkedIn | https://www.linkedin.com/in/jayeshsch
On Twitter | https://twitter.com/jayeshsch
On Facebook | https://facebook.com/jayeshsch
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
Cloud Village CTF Portal: https://ctf.cloud-village.org/
Cloud Village website: https://cloud-village.org/
On YouTube | https://www.youtube.com/cloudvillage_dc
At DEF CON: https://forum.defcon.org/node/239788
____________________________
For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage
Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage? 👉 https://itspm.ag/bhdc22sp
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
24m
08/08/2022

After More Than Two Decades, Where Are We On The Road To Better Cyber Defenses? | A Conversation With VC Bob Ackerman | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

25 years of Black Hat gatherings and related research. 20+ years of venture capital, investments, and mergers & acquisitions dedicated to CyberSecurity. That's a lot of time and presumably a lot of effort and money. So... where do we find ourselves on the road to better cyber defenses?

Our guest for this episode is Bob Ackerman. Bob started AllegisCyber nearly 20 years ago with the vision to be the first venture firm to focus 100% on cyber security investing. We are experiencing the third down market that Bob has been through as a dedicated cyber VC—a distinction shared by a select few—and he has helped hundreds of startups navigate these cycles. The geopolitical landscape, threats to civilian critical infrastructure, and heightened government involvement collectively make this market even more different, uncertain, and riddled with risk for the startups and investors new to the cyber domain.

A lot has happened. But a lot has stayed the same as well. Let's explore this a bit during this chat as part of our Black Hat and DEF CON 2022 coverage.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22
____________________________
Guest
Bob Ackerman
Managing Director & Founder - AllegisCyber Capital [@AllegisCyber]
On LinkedIn | https://www.linkedin.com/in/bob-ackerman-a233336/
On Twitter | https://twitter.com/BobAckerman
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
Forbes Article - New SEC Cybersecurity Reporting Requirements: What Companies Should Know About Regulations: https://www.forbes.com/sites/forbesfinancecouncil/2022/07/08/new-sec-cybersecurity-reporting-requirements-what-companies-should-know-about-regulations
Forbes Article - New SEC Cybersecurity Reporting Requirements: Three Things Companies Need To Do Now: https://www.forbes.com/sites/forbesfinancecouncil/2022/05/25/new-sec-cybersecurity-reporting-requirements-three-things-companies-need-to-do-now
30m
08/08/2022

Aerospace Village At DEF CON 30 | Chats On The Road | A Conversation With Kaylin Trychon | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

"Striker, listen, and you listen close: flying a plane is no different than riding a bicycle, just a lot harder to put baseball cards in the spokes." - Rex Kramer [Airplane! the movie]

It's a lot harder to secure these giant flying computer systems as well. The same is true for pretty much every vessel and communications system represented in the Aerospace Village. Join us and our guest, Kaylin Trychon, as we take a journey into what visitors can expect at this year's village.

About the Aerospace Village
Aerospace is a cornerstone of our global infrastructure and economy. While passenger safety is at an all-time high, the increasing adoption of connected technologies exposes aircraft, airports, satellites, and the interdependent aerospace ecosystem to new types of risks. The consequences of cybersecurity failure in a ground, air, or space-based system can impact human life and public safety; a crisis of confidence in the trustworthiness of air travel can undermine economic and (inter)national security.

MISSION: Build, inspire, and promote an inclusive community of next-generation aerospace cybersecurity expertise and leaders.

VALUES: The aerospace industry, security researchers, and the public share a common goal: safe, reliable, and trustworthy aviation and space operations.

GOAL: The Aerospace Village is a diverse community of hackers, engineers, pilots, policy leaders and more from across both the public and private sectors. We believe the flying public deserves safe, reliable, and trustworthy air travel, which is highly dependent on secure aviation and space operations.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22
____________________________
Guest
Kaylin Trychon
Communications Director at the Aerospace Village [@SecureAerospace]
On LinkedIn | https://www.linkedin.com/in/kaylintrychon/
On Twitter | https://twitter.com/KaylinTrychon
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
Aerospace Village DEF CON Schedule: https://aerospacevillage.org/events/upcoming-events/def-con-30/
Aerospace Village website: https://aerospacevillage.org/
On LinkedIn | https://www.linkedin.com/company/aerospace-village/
At DEF CON: https://forum.defcon.org/node/240500
26m
06/08/2022

IoT Village At DEF CON 30 | Chats On The Road | A Conversation With Rachael Tubbs | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

Everything is connected these days — from coffee machines to home security cameras to drones. And they all could use a good ole hacking. Regardless of your hacking skills level, join the IoT Village crew for good vibes and tons of stuff to get your hands on.

Join us and our guest, Rachael Tubbs, as we get into the vibe of all things IoT Village at DEF CON 2022!

About the IoT Village
IoT Village advocates for advancing security in the Internet of Things (IoT) industry through bringing researchers and industry together. IoT Village hosts talks by expert security researchers, interactive hacking labs, live bug hunting in the latest IoT tech, and competitive IoT hacking contests. Over the years IoT Village has served as a platform to showcase and uncover hundreds of new vulnerabilities, giving attendees the opportunity to learn about the most innovative techniques to both hack and secure IoT. IoT Village is organized by security consulting and research firm, Independent Security Evaluators (ISE), and the non-profit organization, Loudmouth Security.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22
____________________________
Guest
Rachael Tubbs
Marketing and Events Lead at Independent Security Evaluators [@ISEsecurity]
On LinkedIn | https://www.linkedin.com/in/rachael-tubbs-1a1085135/
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
IoT Village DEF CON Schedule: https://www.iotvillage.org/defcon.html
IoT Village website: https://www.iotvillage.org/
On LinkedIn | https://www.linkedin.com/showcase/iotvillage
At DEF CON: https://forum.defcon.org/node/239789
23m
06/08/2022

From Hackathon To Hacked: Web3’s Security Journey | Chats On The Road | A Conversation With Nathan Hamiel | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

Web3 is a live experiment that is happening now. Around us. To us. By us. How will it affect privacy and security? Let's find out.

In this conversation with Black Hat speaker, Nathan Hamiel, we explore the definition and promise of Web3 and its impact — positive and negative — on society.

About the Session "From Hackathon to Hacked: Web3's Security Journey":
If there's one prediction you can make with certainty, it's that security in the Web3/blockchain space will get a whole lot worse before it gets better. We have the perfect cocktail of inexperience mixed with emerging technology playing out in full public view with large sums at stake and the permanence of immutable transactions. The result is predictable. An environment free from constraints can seem like an innovation paradise, but when the stakes are so high, you have to get everything right the first time because there may not be a next time. We tend to forget that what we see from this space are experiments playing out in production, and the time between exploitation and losing millions of dollars worth of value can be measured in seconds. So, how did we get here? Is it all doom and gloom? What can be done?

This talk is a grounded look at the factors contributing to the security failures we've witnessed, free from the hype and hatred associated with the space. We look at the similarities and differences between the development of this new technology and more traditional applications and how some of the attacks manifested. Better testing and tools aren't enough to solve the problem. We discuss actionable steps projects and chains can use today to address these issues and make the ecosystem safer for projects and users.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22
____________________________
Guest
Nathan Hamiel
Senior Director of Research at Kudelski Security [@KudelskiSec]
On LinkedIn | https://www.linkedin.com/in/nathanhamiel/
On Twitter | https://twitter.com/nathanhamiel
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
Session | From Hackathon to Hacked: Web3's Security Journey: https://www.blackhat.com/us-22/briefings/schedule/index.html#from-hackathon-to-hacked-webs-security-journey-26692
Kudelski Security Research Blog: https://research.kudelskisecurity.com/
33m
04/08/2022

Social Engineering Community Village At DEF CON 30 | Chats On The Road | A Conversation With Stephanie "snow" Carruthers | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

What's old is new again. With a fresh new pair of amazing co-founders, the social engineering community will come together to make some calls, have some laughs, and discuss the morals and ethics of getting someone to do something they wouldn't have otherwise done.

In this Chats on the Road to Las Vegas, we have the privilege of chatting with a co-founder of the new Social Engineering Community Village at DEF CON, Stephanie "Snow" Carruthers. Join us to get the low-down on what's staying the same, what's new, and what's certain to be a fantastic time.

About the Social Engineering Community Village
The Social Engineering Community is formed by a group of individuals who have a passion to enable people of all ages and backgrounds interested in Social Engineering with a venue to learn, discuss, and practice this craft. We plan to use this opportunity at DEF CON to present a community space that offers those elements through panels, presentations, research opportunities, and contests in order to act as a catalyst to foster discussion, advance the craft and create a space for individuals to expand their network.

Snow and JC plan to accomplish the above by bringing together passionate individuals to have a shared stake in building this community with the goal to continuously grow and iterate members of the Social Engineering Community in various roles to all have an opportunity to give back equally.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22
____________________________
Guest
Stephanie "Snow" Carruthers
Co-Founder of the new Social Engineering Community (SEC), a DEF CON village [@sec_defcon]
On Twitter | https://twitter.com/_sn0ww
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
Social Engineering Community Village DEF CON Schedule: https://www.se.community/village-schedule/
Social Engineering Community Village website: https://www.se.community/
On LinkedIn | https://www.linkedin.com/company/social-engineering-community/
On YouTube | https://www.youtube.com/channel/UCFlepVHh7k5rBRTXwDrHyJA
At DEF CON: https://forum.defcon.org/node/240918
26m
04/08/2022

AppSec Village At DEF CON 30 | Chats On The Road | A Conversation With Chris Kubecka, Liora Herman, And Erez Yalon | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

Applications run the world. They provide an interface to the rest of the technologies and data we create, share, and make decisions with. Sometimes these interfaces come in the form of a user interface (UX), sometimes in the form of an API. In both cases, they offer a path to the systems and information we hold dear to us.

In this Chats on the Road to DEF CON, we connect with the co-founders and organizers of the AppSec Village along with their keynote speaker at the village this year. This is a conversation about the real world that you won't want to miss.

About the AppSec Village
Welcome to AppSec Village, where red, blue and purple teamers come together to learn from the best of the best on how to exploit software vulnerabilities and how to secure software. Software is everywhere, and Application Security vulnerabilities are lurking around every corner, making the software attack surface attractive for abuse. If you are just an AppSec n00b or launch deserialization attacks for fun and profit, you will find something to tickle your interest at the AppSec Village.

Our mission is to promote diverse voices and perspectives in an inclusive environment driven for and by the appsec community to increase education and awareness of application security methods and practices.

About Chris Kubecka's Keynote: Wartime AppSec
To understate things, the 2020s have been a challenging time for AppSec. First, Corona took the hardware out of the office for everyone. Now, with a war in Ukraine activating them, hacktivists, patriotic hackers, and nation-state level actors are wreaking havoc on our apps and websites. Cyber-attacks are targeting the code and products of allied nations, pro-Russian, and pro-sanction companies.

Come on a journey with a hacker who will share the top ten geopolitical gotchas in your AppSec and real-world examples, drawn from her experiences in several cyber warfare incidents as well as her recent experiences in Ukraine, Romania, Moldova, and Transnistria.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22
____________________________
Guests
Chris Kubecka
CEO at HypaSec NL [@HypaSec] and Keynote speaker at AppSec Village at DEF CON 30
On LinkedIn | https://www.linkedin.com/in/chris-kubecka/
On Twitter | https://twitter.com/SecEvangelism

Liora Herman
Founder and Queen of Details at AppSec Village [@AppSec_Village] and Head of Field and Channel Marketing, EMEA & APAC at Pentera [@penterasec]
On LinkedIn | https://www.linkedin.com/in/liorarherman/
On Twitter | https://twitter.com/tzionit411
On Facebook | https://www.facebook.com/liorarherman
On YouTube | https://www.youtube.com/c/AppSecVillage/

Erez Yalon
Founder and Mayor at AppSec Village [@AppSec_Village] and VP of Security Research at Checkmarx [@Checkmarx]
On LinkedIn | https://www.linkedin.com/in/erezyalon/
On Twitter | https://twitter.com/ErezYalon
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
AppSec Village DEF CON Schedule: https://www.appsecvillage.com/events/dc-2022
AppSec Village website: https://www.appsecvillage.com/
On LinkedIn | https://linkedin.com/company/appsecvillage
On YouTube | https://www.youtube.com/c/AppSecVillage/
At DEF CON: https://forum.defcon.org/node/240922
26m
04/08/2022

The Relationship Between Roles — When Data Engineering Meets CyberSecurity | A Conversation With Saman Fatima | Redefining CyberSecurity Podcast With Sean Martin

When you combine a DevOps engineer with a data engineer that is also interested in cybersecurity and privacy, what does that relationship look like for the business? Let's find out.

In today's episode, we catch up with DevOps engineer and data engineer, Saman Fatima. We dig into how her experience in a variety of engineering roles and her connections to the cybersecurity community help shape how she looks at and uses data to drive business outcomes.
____________________________
Guests
Saman Fatima
Management Lead and Vice-Chair of Board at BBWIC Foundation [@barriers_in]
On LinkedIn | https://www.linkedin.com/in/saman-fatima-30/
On Twitter | https://twitter.com/saman_3014
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Asgardeo by WSO2: https://itspm.ag/asgardeo-by-wso2-u8vc
____________________________
Resources
Training resource for Data Engineering: https://www.coursera.org/professional-certificates/ibm-data-engineer
Data Community: https://www.linkedin.com/company/dataworksforeveryone/
Saman's Talk on "How to build a STRONG Data Driven Organization" at TECH(K)NOW DAY: https://www.youtube.com/watch?v=S2962uhQpaE
BBWIC Foundation: https://www.bbwic.com/ (on LinkedIn: https://www.linkedin.com/company/bbwic-foundation/mycompany)
40m
03/08/2022

Blue Team Village At DEF CON 30 | Chats On The Road | A Conversation With muteki And OMENScan | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

Sometimes the best offense is a good defense. The Blue Team Village aims to bring an amazing experience to DEF CON where the community joins together to hack the defensive side of security: mindset, techniques, tools, mentoring, and more.

About the Blue Team Village
Blue Team Village (our friends just call us BTV) is both a place and a community built for and by defenders. It’s a place to gather, talk, share, and learn from each other about the latest tools, technologies, and tactics that our community can use to detect attackers and prevent them from achieving their goals. Whether we are in the same physical space, or in the ether, BTV is a place for encouraging, teaching, and supporting Blue Teamers.

We will have plenty of defender focused sessions held throughout the year. Don’t forget to hang out in the Discord channels to ask questions, catch up with old friends, and meet new ones.

BTV promises to be a firehose of Blue Team learning, sharing, and fun for the defenders who build things, defend things, and innovate. Come celebrate the other side of the hacking mirror with us. We’ll keep a blue light on for you!

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22
____________________________
Guests
Cassandra Young (muteki)
Director at the Blue Team Village [@BlueTeamVillage]
On LinkedIn | https://www.linkedin.com/in/cassandray
On Twitter | https://twitter.com/muteki_rtw
On YouTube | https://www.youtube.com/blueteamvillage

David Porco (Quix0te/OMENScan)
Director at the Blue Team Village [@BlueTeamVillage]
On LinkedIn | https://www.linkedin.com/in/dporco/
On Twitter | https://twitter.com/OMENScan
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
Blue Team Village DEF CON Schedule: https://dc30.blueteamvillage.org/call-for-content-2022/schedule/#
Blue Team Village website: https://blueteamvillage.org/
On LinkedIn | https://www.linkedin.com/company/the-blue-team-village/
At DEF CON: https://forum.defcon.org/node/239819
37m
03/08/2022

ICS Village At DEF CON 30: Chats On The Road | A Conversation With Bryson Bort And Tom VanNorman | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

The ICS Village is one of the first DEF CON villages we ever connected with. A lot has changed over the years, including the threats faced by critical infrastructure entities around the world. Let's find out what to expect at this year's village.

About the ICS Village
High profile industrial control system (ICS) security issues have grabbed headlines and sparked change throughout the global supply chain. The ICS Village allows defenders of any experience level to understand the unique failure modes of these systems and how to better prepare and respond to the changing threat landscape.

Interactive simulated ICS environments, such as Hack the Plan(e)t and Howdy Neighbor, provide safe yet realistic environments to preserve safe, secure, and reliable operations. The ICS Village brings a compelling experience for all experience levels and types, with IT and industrial equipment. Our interactive learning approach invites you to get hands on with the equipment to build your skills.

We bring you real components such as programmable logic controllers (PLC), human-machine interfaces (HMI), remote telemetry units (RTU), and actuators to simulate a realistic environment by using commonly used components throughout different industrial sectors. You will be able to connect your machine to the different industrial components and networks, assess these ICS devices with common security scanners, sniff the industrial traffic, and more!

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22
____________________________
Guests
Bryson Bort
Co-Founder of the ICS Village [@ICS_Village]
On LinkedIn | https://www.linkedin.com/brysonbort
On Twitter | https://mobile.twitter.com/brysonbort
On YouTube | https://youtube.com/c/ICSVillage

Tom VanNorman
Founding member of the ICS Village
On LinkedIn | https://www.linkedin.com/in/thomasvannorman/
On Twitter | https://twitter.com/Tom_VanNorman
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
ICS Village Website: https://www.icsvillage.com/
ICS Village at DEF CON 30 Schedule: https://www.icsvillage.com/schedule-def-con-30
ICS Village 360 Tour: https://www.exhibitstudiosmedia.com/tours/21396_ics_360_tour/
36m
29/07/2022

Trying To Be Everything To Everyone: Let’s Talk About Burnout | A Conversation With Stacy Thayer | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

The industry recognizes there is a problem with staff being overworked and reaching a point of burnout. What is the definition of burnout, and how can we spot the signs? Perhaps we need to look at this from a different angle to begin to make some progress in this area.

In this conversation with Black Hat speaker, Dr Stacy Thayer, we explore the history, definition, and progress we are making as we attempt to deal with burnout and the overarching challenges of employee experience.

About the session, "Trying to Be Everything to Everyone: Let’s Talk About Burnout"
Research shows computer security professionals describe the computer security industry as a high-risk yet high-reward profession with negative effects on the workforce. There are an estimated 805,000 computer security professionals working in the US, but meeting the business demand for computer security professionals would require 62% industry growth. This leaves those in the field understaffed and highly stressed, ultimately leading to burnout. Stress and burnout can lead to mental fatigue, which can negatively impact motivation and engagement. It can also cause diminishing focus and performance levels, and have a negative impact on operational security, satisfaction, and performance, both in the office and at home.

This talk will discuss the existing research on burnout in the computer security industry and will discuss what really causes burnout, why it happens, and what you can do to mitigate it, including setting healthy boundaries, avoiding guilt, realistic ways to manage anxiety, and honest self-talk so you can identify what is needed to refill your energy and passion.

I will discuss how to recognize burnout in hidden places and explore the root causes of it.

I will address what to do about it – going beyond simply meditation, exercise, and healthy eating. If it was that easy, we would all be doing that. This talk is unique in that it will utilize a knowledge of practical psychology to keep it real and use behavioral change models as a guide for reducing burnout. How do you find motivation, appreciation, and time for yourself when it feels like the world around you is demanding you give more? You will leave this talk with a better understanding of how burnout happens, your personal relationship to burnout, and an idea of what to do to help reduce, relieve, and manage it.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22
____________________________
Guest
Stacy Thayer
Ph.D, Clinical and Organizational/Business Psychology, Norfolk State University [@Norfolkstate]
On LinkedIn | https://www.linkedin.com/in/stacythayer/
On Twitter | https://twitter.com/DrStacyThayer
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
Session | Trying to Be Everything to Everyone: Let’s Talk About Burnout: https://www.blackhat.com/us-22/briefings/schedule/#trying-to-be-everything-to-everyone-lets-talk-about-burnout-28230
43m
28/07/2022

A Fully Trained Jedi You Are Not | A Conversation With Adam Shostack | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

While many in the InfoSec industry try to be all things to all people, sometimes that just isn't a winning strategy. What is? Let's have a chat with Adam Shostack to find out.

About the session, "A Fully Trained Jedi, You Are Not"

As software organizations try to bring security earlier in the development processes, what can or should regular software or operations engineers know about security? Taking as given that we want them to build secure systems, that demands a shared understanding of the security issues that might come up, and agreement on what that body of knowledge might entail. Without this knowledge, they'll keep building insecure systems. With it, we can have fewer recurring problems that are trivially attackable.

Training everyone at a firm is expensive. Even if the training content is free, people's time is not. If you have 1,000 people, one hour per person is half a person-year (before any overhead). So there is enormous pressure to keep it quick, ensure it meets compliance standards like PCI, and … the actual knowledge we should be conveying is almost an afterthought. We need to design knowledge scaffolding and tiered approaches to learning, and this talk offers a structure and tools to get there.

We don't need every developer to be a fully trained Jedi, and we don't have time to train everyone to that level or even as much as we train security champs. So what could we ask everyone to know, and how do we determine what meets that bar?
____________________________
Guest
Adam Shostack
President at Shostack & Associates
On LinkedIn | https://www.linkedin.com/in/shostack/
On Twitter | https://twitter.com/adamshostack
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
Session | A Fully Trained Jedi, You Are Not: https://www.blackhat.com/us-22/briefings/schedule/#a-fully-trained-jedi-you-are-not-26650
40m
28/07/2022

Open Threat Hunting Framework: Enabling Orgs To Build, Operationalize, And Scale Threat | A Conversation With John Dwyer | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

Threat hunting is all the rage. But what the heck is it? "Ask 10 InfoSec professionals to define threat hunting, and you'll get 11 different answers," writes John Dwyer in his Black Hat session abstract. Will we get to hear the 12th definition in this episode?

About the session, "The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting"

"Ask 10 infosec professionals to define threat hunting and you'll get 11 different answers." Threat hunting is one of those interesting components of cybersecurity where everyone knows they should be doing it but not everyone can fully articulate what threat hunting is.

In our roles as threat hunters, we're lucky enough to be witness to, and evaluate, the hunt programs of Fortune 100 companies, state and national governments, and partners and MSPs. This experience has shown us that one person's definition of threat hunting does not necessarily equal another's.

If you do an Internet search for "how to build a threat hunting program" there are plenty of results and some include great insights into what makes a threat hunting program effective. However, while resources do exist, they're often tied to a specific vendor or a particular product and the best way to hunt using it. There's useful information, but you're left trying to find a way to make the proposed processes and techniques work for your environment and not the one driven by the vendor.

"If you don't like the road you're walking, start paving another one." It's with that in mind that we're releasing a threat hunting framework that can help organizations start a threat hunting program as well as improve threat hunting operations for existing programs that's free and not tied to any particular technology.

This framework will enable organizations to take control of building a threat hunting program by providing a clear path to operationalizing threat hunting as well as a well-defined threat hunting process to ensure threat hunters are set up for success.

We've responded to far too many incidents that could have been prevented with solid threat hunting operations and we hope this project can help prevent future incidents.
____________________________
Guest
John Dwyer
Head of Research at IBM X-Force [@IBM | @XForceIR | @IBMSecurity]
On LinkedIn | https://www.linkedin.com/in/john-dwyer-xforce/
On Twitter | https://twitter.com/TactiKoolSec
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
Session | The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting: https://www.blackhat.com/us-22/briefings/schedule/#the-open-threat-hunting-framework-enabling-organizations-to-build-operationalize-and-scale-threat-hunting-26702
37m
25/07/2022

A Keynote Conversation With Chris Krebs: Black Hat At 25: Where Do We Go From Here? | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

During his keynote at Black Hat 2022, former CISA Director Chris Krebs will reflect on 25 years of the information security community, discussing today’s risks and trends and what they mean for tomorrow’s network defenders. We get a sneak peek into some of these items during this Chats on the Road to Las Vegas.

Chris Krebs is a Founding Partner of Krebs Stamos Group, founded in 2020 alongside Alex Stamos. He was the first director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), leading the nation’s civilian cyber defense and business resilience and risk management efforts. He will give his talk “Black Hat at 25: Where Do We Go from Here?” on Wednesday, Aug. 10 at 9 a.m.

About the keynote, "Black Hat at 25: Where Do We Go from Here?"

For twenty-five years, the InfoSec community and industry have been gathering here in the desert. For twenty-five years, we have chipped away at underlying insecurities in the technologies we use every day with new vulnerability research and adversary insights. For twenty-five years we’ve seen vendors and software firms roll out new products and protections. With the last twenty-five years as prologue and as we look forward to the next twenty-five years, we have to ask ourselves: are we on the right track?

We certainly aren’t set up for success, given society’s insatiable and almost pathological need to connect everything. We’re constantly serving up more attack surface to the bad guys and always cleaning up after business decisions that we know will drive bad security outcomes. All the while factors out of our hands – namely global market realities and shifting geopolitical dynamics – wreck nearly overnight carefully orchestrated business plans and national strategies. The last few years of geopolitical chaos and autocratic retrenchment might look like the good ol’ days by the end of the 2020s.

This talk will work through today’s risk trends and what they mean for tomorrow’s network defenders, suggesting along the way the needed shifts in both mindset and action to successfully deliver better outcomes while recognizing that we’re going to be forever operating in a contested information environment. To rip off a Mitch Hedberg joke (RIP), maybe over the next twenty-five years we can build a safer, more resilient technological future where systems and infrastructure behave more like escalators: when they break, they turn into stairs.
____________________________
Guest
Chris Krebs
Founding Partner, Krebs Stamos Group [@KrebsStamos]
On LinkedIn | https://www.linkedin.com/in/christopherckrebs/
On Twitter | https://twitter.com/C_C_Krebs
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
____________________________
Resources
Keynote | Black Hat at 25: Where Do We Go from Here?: https://www.blackhat.com/us-22/briefings/schedule/index.html#keynote-chris-krebs-28699
____________________________
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
42m
21/07/2022

Why The World Needs A Global CSIRT: Introducing CSIRT.global | A Conversation With Eward Driehuis And Lennaert Oudshoorn | Redefining CyberSecurity Podcast With Sean Martin

Vulnerabilities are discovered every day. Once found, they make their way into any number of databases that can be used to help organizations take action to put a patch in place... if one is available. But what about the case where the weakness is actively exposed or being exploited? This is where CSIRT.global comes in.

Born from the work being done at the Dutch Institute for Vulnerability Disclosure (DIVD), a team of volunteers has decided to take things to the next level, helping organizations take action when action matters most ... when a vulnerability exists, when that vulnerability is being exploited in the wild, and when an organization is prone to (or is under) attack. That's when the email is sent from CSIRT.global to the affected organization, letting them know what the team uncovered.

"We don't send marketing emails. We don't send emails promoting conferences. When a company gets an email from us, it really means something." ~Eward

There's a lot going on in this process, from scanning the entire global Internet for every system exposed, identifying vulnerabilities on those systems, and mapping the proof of concept to those two results to determine whether or not an organization is vulnerable or is showing signs of having been compromised. The next piece of the puzzle is figuring out who or what is behind the IP address that was scanned and flagged. This isn't always easy given how IP addresses are assigned and looked up. The next piece of the puzzle is even harder, in that CSIRT.global needs to find a way to contact the affected entity that lives behind the IP address ... which department or person should receive the info and what is their email address? Good luck finding that in a pinch. And, to top it all off, the receiving party needs to trust that the email they received from CSIRT.global is both legitimate and must be taken seriously. The process is rooted in information and built on trust - which is one of the main reasons they sought and received support from the Dutch government.

It's this full circle scenario that delivers the real value provided by this group. It can scale to a global nature, but requires the help of the global community. Listen in to hear more about how this works, how to get involved, and how this non-profit organization is redefining cybersecurity.
____________________________
Guests
Eward Driehuis
Founder at 3Eyes Security and Chairman at CSIRT.global
On LinkedIn | https://www.linkedin.com/in/ewarddriehuis/
On Twitter | https://twitter.com/e3huis

Lennaert Oudshoorn
CSIRT Coordinator And Webmaster at Dutch Institute for Vulnerability Disclosure (DIVD) [@DIVDnl]
On Twitter | https://twitter.com/lennaert89
On LinkedIn | https://www.linkedin.com/in/lennaertoudshoorn/
____________________________
This Episode’s Sponsors
Asgardeo by WSO2: https://itspm.ag/asgardeo-by-wso2-u8vc
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
CSIRT.global: https://csirt.global/ & https://www.divd.nl/
DIVD: https://www.divd.nl/ and on LinkedIn: https://www.linkedin.com/company/divd-nl/
May Contain Hackers (MCH2022) Hacker Conference: https://mch2022.org/#/
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
42m
19/07/2022

Application And API Security: Sometimes We See The Risk — Sometimes It's Hidden Inside An API | A Live Stream Panel With Kristy Westphal And Giora Engel | Redefining CyberSecurity Podcast With Sean Martin

In this conversation, we explore the overall process for creating a culture where applications are secured from the beginning on through to monitoring and response:

- Which teams are involved
- How do secure products get defined from the beginning (PRDs, architecture, design, planning, etc.)
- How do they communicate/collaborate (tools/techniques)
- Tips and tricks to streamline processes, reduce human workload (aka automation)
- How to define and demonstrate success
____________________________
Guests
Kristy Westphal
VP Security Operations at HealthEquity and Adjunct Professor at Arizona State University [@ASU]
On LinkedIn | https://www.linkedin.com/in/kmwestphal

Giora Engel
CEO & Co-Founder at Neosec [@neosec_com]
On LinkedIn | https://www.linkedin.com/in/giorae/
____________________________
This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Imperva: https://itspm.ag/imperva277117988
Asgardeo by WSO2: https://itspm.ag/asgardeo-by-wso2-u8vc
____________________________
Resources
OWASP API Security Project: https://owasp.org/www-project-api-security/
OWASP Top 10: https://owasp.org/www-project-top-ten/
White Paper | Scorched Earth: Hacking Banks And Cryptocurrency Exchanges Through Their APIs: https://knightgroup.app.box.com/s/mlmoa5vtw1ktqo8vcwcqtbex70mtvpo0
API Security Fundamentals 2022: https://www.neosec.com/api-security
____________________________
Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/application-and-api-security-sometimes-we-see-the-risk-sometimes-its-hidden-inside-an-api-redefining-cybersecurity-with-sean-martin
42m
18/07/2022

Our Traditional Conversation With Black Hat GM, Steve Wylie, To Kick Off Our Las Vegas Hacker Summer Camp 2022 Coverage | Las Vegas Black Hat 2022 And DEF CON 30 Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

Tradition arrives again as we hit the road to Las Vegas to cover the biggest and most important hacker conference in the world: Black Hat. Celebrating its 25th (silver) anniversary, there is a lot to celebrate and absorb from this year's hybrid conference in Las Vegas and online. Join us as we connect with Black Hat General Manager, Steve Wylie, to get the latest on what everyone can expect this year.
____________________________
Guest
Steve Wylie
Vice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents]
On LinkedIn | https://www.linkedin.com/in/swylie650/
On Twitter | https://twitter.com/swylie650
____________________________
This Episode’s Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
41m
18/07/2022

From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | Part 2 | An Imperva Brand Story With Ryan Windham

As we continue this 2nd part of the conversation, we immediately kick things off with Gremlins and quickly move into real-world scenarios where bad bots wreak havoc by enabling high-speed abuse, misuse, and attacks on websites, mobile apps, and APIs. Businesses cannot overlook the impact of malicious bot activity as it is contributing to more account compromise, higher infrastructure and support costs, customer churn, skewed marketing analytics, and degraded online services.

The implications of account takeover (ATO) are also extensive, where successful attacks can lock customers out of their account, while fraudsters gain access to sensitive information that can be stolen and abused. For businesses, ATO contributes to revenue loss, risk of non-compliance with data privacy regulations, and tarnished reputations.

How can organizations — actually, the people in them that keep the business running — distinguish between real, authentic traffic versus something that's being driven by a bot? That's exactly what we talk about.

We hope you enjoy this Part 2 of 2 conversations as we explore and uncover the consequences of bad bots for our business and society.

About the 2022 Imperva Bad Bot Report

Leveraging data from its global network, Imperva Threat Research investigates the rising volume of automated attacks occurring daily, evading detection while wreaking havoc and committing online fraud. The 9th annual Imperva Bad Bot Report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked bad bot requests, anonymized over thousands of domains. The goal of this report is to provide meaningful information and guidance about the nature and impact of these automated threats.

Bot attacks are often the first indicator of fraudulent activity online, whether it’s validating stolen user credentials and credit card information to later be sold on the dark web, or scraping proprietary data to gain a competitive advantage. Often bots are used to surveil applications and APIs in an attempt to discover vulnerabilities or weak security. Online fraud from automated bot attacks is not only a threat to the business, but it is first and foremost a risk to customers. Bad bot attacks might cause customers to be unable to access their accounts or have sensitive information stolen from them due to successful account takeover fraud.

Bad bots mask themselves and attempt to interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.

Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, denial of service, denial of inventory, spam, transaction fraud, and more.

Note: This story contains promotional content.

Guest
Ryan Windham
VP of Application Security at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/rwindham/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Imperva Bad Bot Report 2022: https://itspm.ag/impervwurd
Want the Bad Bot 101 Story? Check out the Imperva 2021 Bad Bot Report Podcast Series here: https://www.itspmagazine.com/their-stories/the-good-the-bad-and-the-ugly-the-bad-bot-report-2021-an-imperva-story
Be sure to listen to Part 2 of this conversation here: https://itspmagazine.com/their-stories/how-bots-fake-human-behavior-to-conduct-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windham

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
27m
30/06/2022

From Technology To Buzzwords To Marketing; From Conversations To Friendships To Mergers And Acquisitions | Key Learnings From RSA Conference 2022 | Redefining CyberSecurity With Eward Driehuis

We pack a lot into this conversation, looking at what to learn, how to learn, and who to learn from, getting a fantastic overview of the conference from many angles and positions.

- Threat intelligence
- Development processes
- Cyber security M&A market
- Sales
- Marketing messaging
- Cyber law
- Standards

Tune in to this conversation as we wrap up our coverage of RSA Conference 2022. Be sure to listen to all of the conversations we had before, during, and after the event.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 as well.
____________________________
Guest
Eward Driehuis
Founder at 3Eyes Security and Chairman at CSIRT.global
On LinkedIn | https://www.linkedin.com/in/ewarddriehuis/
On Twitter | https://twitter.com/e3huis
____________________________
This Episode’s Sponsors
HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak: 👉 https://itspm.ag/itspbcweb
AppViewX: 👉 https://itspm.ag/appviewx-cbye
Checkmarx: 👉 https://itspm.ag/checkmarx-i9o5
____________________________
Resources
LinkedIn post summing up the discussion points: https://www.linkedin.com/posts/ewarddriehuis_this-is-going-to-be-a-long-post-on-my-lessons-activity-6941702693895725056-H1YA
Learn more about RSA Conference 2022: https://itspm.ag/rsac-b8ef76
____________________________
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage
48m
30/06/2022

The Real-World Value Of Telling Stories And The Role Of Visual Art In Ethical Hacking Videos | A Conversation With YouTuber SecAura | Redefining CyberSecurity Podcast With Sean Martin

SecAura is an amateur YouTuber whose post caught my attention when I came across it. SecAura creates free educational videos for ethical hacking and does so while going the extra mile to hand-craft many of the animations used in the videos. All of this is done outside of the 9-5 job SecAura has as a penetration tester.

Realizing that the technical subjects needed diagrams and that these elements were a core part of the videos being created, SecAura decided to hand-craft the animations for each of the subjects being prepared, teaching himself all that was required to do so while constantly trying to improve with each video released.

SecAura aims to have every video released be at the top of its game in terms of teaching someone who knows very little about a subject and getting them to a great foundational and applicable position just from watching his videos. He also hopes to extend the community and help to create the next generation of cybersecurity professionals by providing them with real, practical skills, backed by the theory!

About SecAura [from Twitter]

By day I work as a pentester, and in the evening, I compete in CTFs/cyber things. I have always loved teaching, and wanted to give back to the cyber community the best I can, so I made my YouTube Channel.

It was a treat speaking with SecAura, learning about the creativity, passion, and production that goes into the making of each of these videos, and how they can be used by those looking to enter the field of information security, preparing for a job interview, looking to grow their skills as they aspire to take on new roles or perhaps even get promoted at their job.

So many use cases — lots of great content — all from a super cool human.
____________________________
Guest
SecAura
Ethical Hacking Content Creator
On Twitter | https://twitter.com/secaura_
On LinkedIn | https://www.linkedin.com/in/sec-aura-57736422a/
On YouTube | https://www.youtube.com/channel/UCx89Lz24SEPZpExl6OfQ0Gg
____________________________
This Episode’s Sponsors
Asgardeo by WSO2: https://itspm.ag/asgardeo-by-wso2-u8vc
Imperva: https://itspm.ag/imperva277117988
____________________________
Resources
More information about SecAura: https://twitter.com/secaura_/status/1518241710412808192
The new SQLi video discussed during the conversation: UNLEASH THE POWER OF SQL INJECTION | A beginners guide: https://www.youtube.com/watch?v=_Y4MpvB6o7s
VIDEO: Web Fundamentals for Cyber Security | HTTP for Hackers | 0x01 (Animated): https://www.youtube.com/watch?v=ro-5AjgoPc4
39m
27/06/2022

From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | Part 1 | An Imperva Brand Story With Ryan Windham

A new year and a new Bad Bot Report from Imperva. How is it looking? Well, this year, we see an increase in the sophistication level of bad bots compared to last year, with advanced bad bots accounting for 25.9% of all bad bot traffic in 2021, compared to 16.7% in 2020. In addition, evasive bad bots are on the rise, no industry is immune, and Account Takeover attacks are more prevalent than ever.

The good news is that not all bots are Superbad — they go from Simple to Moderate, Advanced, and Evasive — and we are getting better at finding them.

During our conversation this year, we take a quick look back in time to last year's report to see what some of the changes are. Sadly, the team at Imperva is seeing more of the advanced bots we discussed during this conversation. Unfortunately, their ability to emulate human behavior makes them much more difficult to detect.

What's driving a lot of this rise in bad bots? More and more services are moving online.

We hope you enjoy this Part 1 of 2 conversations as we explore and uncover the consequences of bad bots for our business and society.

About the 2022 Imperva Bad Bot Report

Leveraging data from its global network, Imperva Threat Research investigates the rising volume of automated attacks occurring daily, evading detection while wreaking havoc and committing online fraud. The 9th annual Imperva Bad Bot Report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked bad bot requests, anonymized over thousands of domains. The goal of this report is to provide meaningful information and guidance about the nature and impact of these automated threats.

Bot attacks are often the first indicator of fraudulent activity online, whether it’s validating stolen user credentials and credit card information to later be sold on the dark web, or scraping proprietary data to gain a competitive advantage. Often bots are used to surveil applications and APIs in an attempt to discover vulnerabilities or weak security. Online fraud from automated bot attacks is not only a threat to the business, but it is first and foremost a risk to customers. Bad bot attacks might cause customers to be unable to access their accounts or have sensitive information stolen from them due to successful account takeover fraud.

Bad bots mask themselves and attempt to interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.

Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, denial of service, denial of inventory, spam, transaction fraud, and more.

Note: This story contains promotional content.

Guest
Ryan Windham
VP of Application Security at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/rwindham/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Imperva Bad Bot Report 2022: https://itspm.ag/impervwurd
Want the Bad Bot 101 Story? Check out the Imperva 2021 Bad Bot Report Podcast Series here: https://www.itspmagazine.com/their-stories/the-good-the-bad-and-the-ugly-the-bad-bot-report-2021-an-imperva-story
Be sure to listen to Part 2 of this conversation here: https://itspmagazine.com/their-stories/how-bots-fake-human-behavior-to-conduct-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windham
30m
24/06/2022

Chats On The Road: From France To Colorado To Las Vegas | Founders' Journey To Make The World Of Information Security Better Through Information Sharing | A CrowdSec Brand Story With CEO Philippe Humeau

The venture market in cybersecurity continues to shift as the economy ebbs and flows throughout the world. However, when you have a good idea, it still gets the attention of the users and the investors, even if that means starting at the bottom and working your way up.
Join us for a live stream conversation with CrowdSec CEO, Philippe Humeau, as we take a quick look back at what we experienced during RSA Conference and spend some time talking through what is coming up for the 10-person contingent from CrowdSec that is making the journey to Las Vegas, arriving from multiple countries, to bring their insights, expertise, and conversations to the Arsenal, vendor halls, speaking stages, and meeting rooms during Black Hat and DEF CON.
This is a quick chat packed with a lot of energy, vision, and enthusiasm — tempered with a dose of reality and humility.
It's about embracing "precious" without being "precious" — have a listen.
Note: This story contains promotional content. Learn more.
Guest
Philippe Humeau, CEO at CrowdSec [@Crowd_Security]
On Linkedin | https://www.linkedin.com/in/philippehumeau/
On Twitter | https://twitter.com/philippe_humeau
____________________________
Be sure to visit CrowdSec at https://itspm.ag/crowdsec-b1vp to learn more about their offering.
On Linkedin 👉 https://www.linkedin.com/company/crowdsec/
On Twitter 👉 https://twitter.com/Crowd_Security
Free access to the CrowdSec console: https://itspm.ag/crowdsec-6b7321
Watch the video here: https://itspmagazine.com/their-stories/from-france-to-colorado-to-las-vegas-founders-journey-to-make-the-world-of-information-security-better-through-information-sharing-a-crowdsec-story-with-ceo-philippe-humeau
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage
For more Black Hat and DEF CON Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Are you interested in telling your story in connection with Black Hat and/or DEF CON Conference by sponsoring our coverage? 👉 https://itspm.ag/bhdc22sp
27m
22/06/2022

Making The World A Better Place Through Software | A WSO2 Brand Story About The Founders' Vision And Mission And The Journey To Bring The Asgardeo IDaaS To Market With Michael Bunyard

The founder's journey can directly impact what a company focuses on and why. In this Asgardeo by WSO2 story, you'll get to hear how their work is making the world a better place through software.
Starting a business built on the premise of offering open-source software wasn't something IBM wanted to do a couple of decades ago. That didn't stop WSO2's founder and CEO, Sanjiva Weerawarana, from taking his mission in life and turning it into an operational reality for his company, creating and helping foundations and non-profits in Sri Lanka and around the world along the way.
It was this initial desire to do good that continues to thrive in everything that WSO2 does, including the launch of their app authentication as a service division, Asgardeo, a customer identity and access management (CIAM) offering which helps developers implement secure authentication flows to apps or websites in a few simple steps.
Developers don't have to be identity experts. They don't even have to write identity-specific code. They modify the code already in the web page or mobile app by cutting and pasting the bits of code, templates, and workflows that Asgardeo provides.
The use cases are many, both directly a part of a single application and as part of other services where identity is built in.
Please tune in to hear WSO2's origin story, the creation of Asgardeo and the value it brings to the developer community, and the multiple case studies that our guest from Asgardeo, Michael Bunyard, brings to life during this conversation.
Note: This story contains promotional content. Learn more.
Guest
Michael Bunyard, Vice President and Head of Marketing, IAM at WSO2 [@wso2] Asgardeo [@asgardeo]
On Linkedin | https://www.linkedin.com/in/michaelbunyard/
On Twitter | https://twitter.com/mickeydb
Resources
Learn more about WSO2 Asgardeo and their offering: https://itspm.ag/asgardeo-by-wso2-u8vc
Create seamless login experiences for your application in minutes: https://itspm.ag/asgardmn1x
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
45m
15/06/2022

The Zoom Effect: A Framework for Security Program Transformation | RSA Conference 2022 Coverage | Redefining CyberSecurity With Heather Ceylan and Ariel Chavan

For our next Chats On The Road for RSA Conference 2022, we talk about security program transformation through the successful development and implementation of security framework and program management.
About the RSAC 2022 Session, The Zoom Effect: A Framework for Security Program Transformation:
“When companies experience rapid growth, information security organizations must adapt to meet business needs. Establishing a robust framework can help these teams communicate and gain executive support for their program. This session will outline a framework to help transform and scale an information security program and share key learnings that can be applied to other programs.”
Tune in and be sure to join us for more from RSA Conference USA 2022!
____________________________
Guests
Heather Ceylan, Head of Security Standards, Compliance, and Customer Assurance at Zoom [@Zoom]
On LinkedIn | https://www.linkedin.com/in/heatherceylan/
Ariel Chavan, Head of Security Product and Program Management at Zoom [@Zoom]
On LinkedIn | https://www.linkedin.com/in/ariel-c-ab445a50/
____________________________
This Episode’s Sponsors
HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb
AppViewX 👉 https://itspm.ag/appviewx-cbye
Checkmarx 👉 https://itspm.ag/checkmarx-i9o5
____________________________
Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
RSAC Session | The Zoom Effect: A Framework for Security Program Transformation: https://www.rsaconference.com/USA/agenda/session/The%20Zoom%20Effect%20A%20Framework%20for%20Security%20Program%20Transformation
____________________________
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage? 👉 https://itspm.ag/rsac22sp
42m
07/06/2022

Redefining Information Security Programs | RSA Conference 2022 Coverage | Redefining CyberSecurity With Mari Galloway And James Leslie

On the surface, building an information security program may appear to be, as its name suggests, a single program. However, in reality, there are countless elements — sub-programs and adjacent programs, if you will — that comprise a comprehensive information security program.
In this conversation, we explore the overarching program, of course, including:
◾️ Who owns the program
◾️ How to secure funding for the program
◾️ How to define and measure success
◾️ How to communicate progress, accomplishments, failures, and challenges
◾️ Common best practices for a program
But, we will also look at all (or, as many as we can) of the sub-programs or adjacent programs that support the main InfoSec program. Things like network security, DevSecOps, risk management, data protection, regulatory compliance, and incident response — just to name a few.
Join us for this conversation and bring your questions about how best to plan, prioritize, budget, staff, and implement a successful information security program.
It's time to explore reality.
____________________________
Guests
Mari Galloway, CEO and a founding board member for the Women's Society of Cyberjutsu (WSC) [@womenCyberjutsu]
On LinkedIn | https://www.linkedin.com/in/themarigalloway/
On Twitter | https://twitter.com/marigalloway
James Leslie, CIO at Cambridge Housing Authority [@CambHousing]
On LinkedIn | https://www.linkedin.com/in/jameseleslie/
Cambridge Housing Authority | https://www.cambridge-housing.org
____________________________
This Episode’s Sponsors
HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb
AppViewX 👉 https://itspm.ag/appviewx-cbye
Checkmarx 👉 https://itspm.ag/checkmarx-i9o5
____________________________
Resources
Watch Live on YouTube: https://www.youtube.com/watch?v=mg6aeYIDNQw
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
____________________________
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage? 👉 https://itspm.ag/rsac22sp
49m
04/06/2022

Security Implications Of Voice As The New Keyboard | What To Expect At RSA Conference 2022 | A Conversation With Voice Researcher And Disruptive Research Strategist, Rébecca Kleinberger

For our next Chats On The Road to RSA Conference 2022, we talk about voices, biometrics, metadata, privacy, neurology, deep fakes, and so much more. Join us for a chat to hear how your voice may be doing things for — and against — you in all aspects of life and work.
About the RSAC 2022 Session, Can You Hear Me Now? Security Implications of Voice as the New Keyboard
"Use of voice as a biometric identifier or as a virtual keyboard is growing. While AI/ML have vastly improved capabilities, there are challenges to relying on voice. Get it right and remove user friction and accelerate input. Get it wrong and introduce new vulnerabilities. As uses for vocal and silent speech recognition emerge and expand, security teams need to consider the potential security risks."
with:
Rébecca Kleinberger, Voice Researcher at MIT Media Lab [@MIT @medialab] and Disruptive Research Strategist at HARMAN International [@Harman]
Jeremy Grant, Managing Director, Technology Business Strategy, Venable LLP [@jgrantindc]
Lisa Lee, Chief Security Advisor/Lead for Vertical Industries and Engagement, Microsoft [@Microsoft]
Tune in and be sure to join us for more from RSA Conference USA 2022!
____________________________
Guest
Rébecca Kleinberger, Voice Researcher at MIT Media Lab and Disruptive Research Strategist at HARMAN International
On LinkedIn | https://www.linkedin.com/in/rebklein/
Website | https://rebeccakleinberger.com/
____________________________
This Episode’s Sponsors
HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb
____________________________
Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
RSAC Session | Can You Hear Me Now? Security Implications of Voice as the New Keyboard: https://www.rsaconference.com/USA/agenda/session/Can%20You%20Hear%20Me%20Now%20Security%20Implications%20of%20Voice%20as%20the%20New%20Keyboard
TEDTalk | Why you don't like the sound of your own voice: https://www.ted.com/talks/rebecca_kleinberger_why_you_don_t_like_the_sound_of_your_own_voice
____________________________
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage? 👉 https://itspm.ag/rsac22sp
38m
03/06/2022

Building A Cloud-Based Pentesting Platform | What To Expect At RSA Conference 2022 | A Conversation With The Hacker Factory Podcast Host Phillip Wylie

For our next Chats On The Road to RSA Conference 2022, we talk about the need to advance our tools, techniques, and our environment to better handle the risks and threats facing our organization. No surprise, say hello to the cloud.
About the RSAC 2022 Session with Phillip Wylie | Building a Cloud-Based Pentesting Platform
“Often offensive cybersecurity professionals require a way to perform external pentesting of Internet facing targets. This ability to test externally facing systems is nothing new and has been done over the years using various configurations. In this presentation attendees will learn how to build a cloud-based pentesting environment useful to pentesters, red teamers, and bug bounty hunters.”
Join us for this conversation, meet Phillip in San Francisco, and start poking at the cloud to make it rain vulnerabilities!
____________________________
Guest
Phillip Wylie
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/phillip-wylie
____________________________
This Episode’s Sponsors
HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb
____________________________
Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
RSAC Session | Building a Cloud-Based Pentesting Platform: https://www.rsaconference.com/USA/agenda/session/Building%20a%20Cloud-Based%20Pentesting%20Platform
Recommended Reading Available in the RSAC Bookstore:
The Pentester BluePrint: Starting a Career as an Ethical Hacker (ISBN: 978-1-119-68430-5) by Phillip Wylie
____________________________
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage
For more podcast stories from The Hacker Factory with Phillip Wylie, visit: https://www.itspmagazine.com/the-hacker-factory-podcast
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage? 👉 https://itspm.ag/rsac22sp
15m
01/06/2022

Why, And How, We Need To Fundamentally Rethink Our Approach To Cybersecurity | A Conversation With Larry Clinton | Redefining CyberSecurity Podcast With Sean Martin

Organizations have made little progress in addressing cyber risk. This is in large part because they have viewed the issue with an excessively narrow focus as just a technical/operational issue. This needs to change.
To compete in the modern economy, enterprises must engage in digital transformation, which can generate a substantial increase in growth and profitability but can also vastly increase risk. Sure, foundational technical security measures are necessary, but they, alone, are not sufficient to address cyber threats. Cybersecurity must be an enterprise-wide risk management issue built on appropriate understanding, structure, investment, and risk-management methods.
Listen in to learn more about why, and how, we need to fundamentally rethink our approach to cybersecurity.
____________________________
Guest
Larry Clinton, President and CEO of the Internet Security Alliance (ISA) [@isalliance]
On LinkedIn | https://www.linkedin.com/in/larry-clinton-20237b4/
On YouTube | https://www.youtube.com/channel/UCbeFbrVg-aNu-mMSzsCiYnw
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Learn more about ISA: https://www.isalliance.org
On LinkedIn: https://www.linkedin.com/company/internet-security-alliance
On Twitter: https://twitter.com/isalliance
On Facebook: https://www.facebook.com/ISAlliance
ISA Publications:
https://isalliance.org/isa-publications/cyber-risk-oversight-handbook/
https://isalliance.org/isa-publications/international-cyber-risk-management-handbooks/
Book | Cybersecurity for Business: Organization-Wide Strategies to Ensure Cyber Risk Is Not Just an IT Issue: https://www.amazon.com/Cybersecurity-Business-Organization-Wide-Strategies-Ensure-dp-1398606146/dp/1398606146/ref=mt_other?_encoding=UTF8&me=&qid=1648037695
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
46m
31/05/2022

The Only Constant | What To Expect At RSA Conference 2022 | A Keynote Conversation With Rohit Ghai CEO RSA

For our next Chats On The Road to RSA Conference 2022, we talk about transformation. Which, of course, can't be accomplished without talking about change. Which is constant.
About the RSAC 2022 Keynote with Rohit Ghai, Chief Executive Officer of RSA:
“Emerging technologies, expanding connections, hidden vulnerabilities: our sector understands that the only constant is change. As the world adapts once again, our industry’s experience shaping transformational shifts will determine the next normal. So let’s review how we’ve evolved, examine our missteps, predict where we’re headed, and start planning our next transformation.”
Tune in and be sure to join us for more from RSA Conference USA 2022!
____________________________
Guest
Rohit Ghai, Chief Executive Officer of RSA [@RSAsecurity]
On LinkedIn | https://www.linkedin.com/in/rohitghai/
On Twitter | https://twitter.com/rohit_ghai
____________________________
This Episode’s Sponsors
HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb
____________________________
Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
RSAC Keynote Session | The Only Constant: https://www.rsaconference.com/USA/agenda/session/The%20Only%20Constant
____________________________
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage? 👉 https://itspm.ag/rsac22sp
35m
23/05/2022

Defining A Recognized Security Practice And CyberSecurity Safe Harbor | HHS’ Office For Civil Rights Seeks Public Comment On HITECH Act Provisions | A HITRUST Community Brand Story With John Houston And Michael Parisi

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. How does it impact cybersecurity and risk management programs? Why do (should) CISOs care about this? Are we about to throw more money at this problem?
Maybe a smart question: Is there an opportunity to be smarter?
While all are important, that final question is certainly the most valid question. But, the details of the provisions will come when the community feedback comes in. The thing to make note of as you listen to this episode is that there's an opportunity to shape these provisions for the better of the overall healthcare ecosystem, moving beyond lowest common denominator frameworks, standards, and controls.
John Houston and Michael Parisi share their thoughts on the current state of cyber risk management affairs, the opportunity to do more in the RFI and potential responses coming in from the community, and how John's experience with an advanced, mature risk management program at UPMC can help set the bar for what's possible — not just from a guidance or framework perspective, but from a fiscally responsible, scalable, operational perspective.
Listen in to learn more about the RFI and the role you can have in shaping its outcome.
Not in the healthcare space? You should still pay attention. There's a lot going on in the healthcare sector that other industries can leverage.
Note: This story contains promotional content. Learn more.
____________________________
Guests
John Houston, Vice President, Information Security and Privacy; Associate Counsel at UPMC [@UPMC]
On Linkedin | https://www.linkedin.com/in/john-houston-5b9915b/
Michael Parisi, VP of Adoption, @HITRUST
____________________________
Catch the webcast and the podcast here: https://itspm.ag/hitrust-hhs-ocr-hitech-rfi
Be sure to visit HITRUST at https://itspm.ag/itsphitweb to learn more about their offering.
____________________________
Resources
News Release: https://www.hhs.gov/about/news/2022/04/06/hhs-ocr-seeks-public-comment-on-recognized-security-practices-sharing-civil-money-penalties-monetary-settlements-under-hitech-act.html
Individuals seeking more information about the RFI or how to provide written or electronic comments to OCR should visit the Federal Register to learn more: https://www.federalregister.gov/documents/2022/04/06/2022-07210/considerations-for-implementing-the-health-information-technology-for-economic-and-clinical-health
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
____________________________
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
52m
23/05/2022

How Secure Can An Internet Be? | The SCION Internet Architecture | Redefining CyberSecurity With Researcher Nicola Rustignoli From ETH Zürich

What if we could create the Internet architecture from scratch? You might think that this is a crazy endeavor, but that's exactly what a research team in Zurich, Switzerland, is doing. And for good reason.
In today's episode, we are joined by Nicola Rustignoli, a research assistant at the Network Security Group at ETH Zürich, to take a look at the history of the Internet, its purpose, the challenges it has introduced, and the path forward to an Internet that allows for its intent to be met while maintaining scalability, control, and resiliency. Nicola works on making the Internet more secure and reliable with the SCION Architecture and by helping to start the SCION Foundation.
SCION was born as a research project 11 years ago, from the research question: how secure can an Internet be? There's a lot to learn from this project.
About the SCION Architecture
SCION is the first clean-slate Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communication. SCION organizes existing ASes into groups of independent routing planes, called isolation domains, which interconnect to provide global connectivity. Isolation domains provide natural isolation of routing failures and misconfigurations, give endpoints strong control for both inbound and outbound traffic, provide meaningful and enforceable trust, and enable scalable routing updates with high path freshness. As a result, the SCION architecture provides strong resilience and security properties as an intrinsic consequence of its design. Besides high security, SCION also provides a scalable routing infrastructure, and high efficiency for packet forwarding. As a path-based architecture, SCION end hosts learn about available network path segments, and combine them into end-to-end paths that are carried in packet headers. Thanks to embedded cryptographic mechanisms, path construction is constrained to the route policies of ISPs and receivers, offering path choice to all the parties: senders, receivers, and ISPs. This approach enables path-aware communication, an emerging trend in networking. These features also enable multi-path communication, which is an important approach for high availability, rapid failover in case of network failures, increased end-to-end bandwidth, dynamic traffic optimization, and resilience to DDoS attacks.
Why a clean-slate design? Why can't we adopt existing solutions? Is it easy to "replace" the Internet?
Listen in to learn more about this exciting program.
____________________________
Guest
Nicola Rustignoli, Research Assistant at ETH Zürich and Founding Engineer at the SCION Association.
On LinkedIn | https://www.linkedin.com/in/nicola-rustignoli-830b7512/
On Twitter | https://twitter.com/Nicorusti
On YouTube | https://www.youtube.com/channel/UCATqViXMlA0cCroLuoJVAGw
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Learn more about SCION: https://scion-architecture.net/
On LinkedIn: https://www.linkedin.com/company/78769571
On Twitter: https://twitter.com/SCIONassociatio
On Facebook: https://www.facebook.com/SCIONinternet
SCION Day 2022 videos: https://scion-architecture.net/pages/scion_day_2022/
“The Complete Guide to SCION” is coming out with Springer Verlag in June 2022. An old version is open access and available on scion-architecture.net
The White House & 50 more countries recently released a Declaration for the Future of Internet: https://www.whitehouse.gov/wp-content/uploads/2022/04/Declaration-for-the-Future-for-the-Internet_Launch-Event-Signing-Version_FINAL.pdf
The FCC recently launched an inquiry about routing security: https://www.fcc.gov/document/fcc-launches-inquiry-internet-routing-vulnerabilities
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
48m
23/05/2022

RSA Conference 2022 | A BlackCloak Brand Story About Supply Chain Security, Hacking Back, And MySpace With Dr Chris Pierson

Dr Chris Pierson has held many roles and has been a regular speaker at RSA Conference over the years. What's he up to this year as the event goes back to in-person engagements?
As the CEO of BlackCloak, Chris Pierson is looking forward to connecting with peers, partners, customers, and prospects as the world of executive cybersecurity heats up. In addition to seeing friends old and new, Dr Pierson has two sessions in which he will be participating. He shares some insights into both of these sessions. Here's a snippet for each:
Collateral Damage: Prepping Your Organization for a Supply Chain Attack
Supply chain risks can allow a backdoor into a company. This learning lab will focus on a fast moving scenario that examines risks to a company from hardware and software and will focus on the (1) risk assessment, (2) governance, and (3) response and isolation phases. This session will follow Chatham House Rule to allow for free exchange of information and learning. We look forward to participants actively engaging in the discussion and remind attendees that no comment attribution or recording of any sort should take place. This is a capacity-controlled session. If added to your schedule and your availability changes, please remove this session from your schedule to allow others to participate. A Learning Lab with James Shreve, Partner and Cybersecurity Chair, Thompson Coburn LLP
Hacking Back – To Be or Not to Be?
Are there options to hack back for ransomware attacks? Without deterrence for ransomware attacks it is unlikely there will be changes to the risk equation that hackers think through. We’ll discuss legal, ethical, operational, and security issues surrounding hacking back and give some insight into potential pitfalls for getting attribution incorrect or causing collateral damage. A law track session with Giorgi Gurgenidze, Founder, GSI Partners and James Shreve, Partner and Cybersecurity Chair, Thompson Coburn LLP.
Chris has some other things up his sleeve as well. Can you say MySpace? 🤔
Note: This story contains promotional content. Learn more.
Guest
Chris Pierson
On Linkedin 👉 https://www.linkedin.com/in/drchristopherpierson/
On Twitter 👉 https://twitter.com/drchrispierson
____________________________
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb
Connect with BlackCloak at RSA Conference: https://itspm.ag/94949a
Watch the video here: https://youtu.be/rqu47E8ryXY
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage? 👉 https://itspm.ag/rsac22sp
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
36m
18/05/2022

Mapping The Cybercrime Ecosystem | What To Expect At RSAC 2022 | A Conversation With Tal Goldstein And Michael Daniel

For our second Chats On The Road to RSA Conference 2022, we talk about a critical cybersecurity initiative led by the World Economic Forum and the Cyber Threat Alliance. It is about mapping the cybercrime ecosystem and its corresponding panel during this year's conference.
Sean and Marco are honored to introduce and tease this important upcoming session on their traditional "Chats On The Road to RSA Conference 2022" with guests: Michael Daniel & Tal Goldstein.
About the session:
“Although cybercrime is now a national security threat, our understanding of the cybercriminal ecosystem remains limited. The industry needs a holistic map to conduct effective disruption, allocate resources efficiently, and impose meaningful costs on criminal actors. The WEF has initiated a project to develop this map. This panel will discuss the mapping project’s results to date and where it is going.”
RSAC 2022 Panel With
Michael Daniel, Moderator | President and Chief Executive Officer, Cyber Threat Alliance
Tal Goldstein, Panelist | Head of Strategy, Centre for Cybersecurity, World Economic Forum Centre for Cybersecurity
Amy Hogan-Burney, Panelist | Associate Counsel and General Manager, Digital Crimes Unit, Microsoft
Derek Manky, Panelist | Chief of Security Insights & Global Threat Alliances, Fortinet
Tune in and be sure to join us for more from RSA Conference USA 2022!
____________________________
Guests
Michael Daniel, President and Chief Executive Officer, Cyber Threat Alliance [@CyberAlliance]
On LinkedIn | https://www.linkedin.com/in/j-michael-daniel-7b71a95/
On Twitter | https://twitter.com/CyAlliancePrez
Tal Goldstein, Head of Strategy, Centre for Cybersecurity, World Economic Forum Centre [@wef] for Cybersecurity [@WEFCybersec]
On LinkedIn | https://www.linkedin.com/in/tal-goldstein-a7191296/
____________________________
This Episode’s Sponsors
HITRUST: 👉 https://itspm.ag/itsphitweb
CrowdSec: 👉 https://itspm.ag/crowdsec-b1vp
Blue Lava: 👉 https://itspm.ag/blue-lava-w2qs
BlackCloak 👉 https://itspm.ag/itspbcweb
____________________________
Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
RSAC Session | Mapping the Cybercriminal Ecosystem: https://www.rsaconference.com/USA/agenda/session/Mapping%20the%20Cybercriminal%20Ecosystem
____________________________
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage? 👉 https://itspm.ag/rsac22sp
40m
13/05/2022

Governance, Risk, And Compliance: Protecting The Business With Policies, Controls, And Audits | A Live Stream Panel With Kouadjo Bini | Redefining CyberSecurity With Sean Martin

GRC is comprised of the ethical management of an organization combined with the organization’s ability to identify, quantify, and manage risk, along with the ability to demonstrate compliance for these things in connection with internal, industry, and regulatory standards, frameworks, and requirements. If defined, implemented, and managed correctly, the organization should be in a strong position to withstand the operational challenges and threats it faces, driven by forces such as market dynamics, competitive landscape, employee behavior, breaks in the supply chain, and exposure to cyberattacks.
Join us for this conversation where we will discuss:
◾️ What is the current definition of GRC
◾️ What are the objectives of a GRC plan
◾️ What components make up a GRC plan
◾️ Who owns the plan, who are the key stakeholders
◾️ How does a GRC plan get defined and implemented
◾️ What outcomes can a company expect to achieve
◾️ How does an organization define and measure success with their GRC plan
____________________________
Guest
Kouadjo Bini
Information Security Officer of American State Bank and Trust and Founder Infosec Tattle
On LinkedIn | https://www.linkedin.com/in/kentia-bini/
On LinkedIn | https://www.linkedin.com/company/infosectattle
On Twitter | https://twitter.com/infosec_tattle
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Assessing cyber risk in M&A: https://www.ibm.com/downloads/cas/RJX5MXJD
NIST risk management framework: https://csrc.nist.gov/projects/risk-management/about-rmf
____________________________
Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/governance-risk-and-compliance-protecting-the-business-with-policies-controls-and-audits-redefining-cybersecurity-with-sean-martin
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
45m
02/05/2022

Knowledge Is Different Than Information | Investing In The CyberSecurity Crowd Means Investing In Businesses, Society, And Humanity | A CrowdSec Brand Story With CEO Philippe Humeau And Hacker-Maker Phillip Wylie

How can an industry have so much data and information yet still lack the knowledge necessary to make quick, meaningful, impactful decisions? There could be many reasons, but one is no longer a missing intelligence-sharing platform.
In this second chapter of our conversation with CrowdSec CEO, Philippe Humeau, we invite The Hacker Maker, Phillip Wylie, to bring his penetration testing experience and insights. Together we explore the value of investing in the cybersecurity community information sharing platform as a way to do way more than protect your organization. By doing so, we can help secure other businesses and whole communities in the neighbors around you, such as a local hospital that could experience an attack that you've already seen on your network.
The value of investing in the security knowledge sharing economy directly impacts IT operations, security operations, businesses, society, and, therefore, humanity.
Join us for a philosophical yet fun, thought-provoking conversation that will likely prompt you to not only share this podcast with your friends, colleagues, and peers but also start sharing your cybersecurity insights with your digital neighbors through the power of the CrowdSec platform.
Note: This story contains promotional content. Learn more.
Guests
Philippe Humeau
CEO at CrowdSec [@Crowd_Security]
On LinkedIn | https://www.linkedin.com/in/philippehumeau/
On Twitter | https://twitter.com/philippe_humeau
Phillip Wylie
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/phillip-wylie
____________________________
Be sure to visit CrowdSec at https://itspm.ag/crowdsec-b1vp to learn more about their offering.
On LinkedIn 👉 https://www.linkedin.com/company/crowdsec/
On Twitter 👉 https://twitter.com/Crowd_Security
Free access to the CrowdSec console: https://itspm.ag/crowdsec-6b7321
Watch the video here: https://itspmagazine.com/their-stories/investing-in-the-crowd-means-investing-in-society-and-humanity-a-crowdsec-story-with-philippe-humeau-and-phillip-wylie
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
1h 3m
25/04/2022

Autonomous Datacenters On Rails | A Conversation With Amir Levintal About The Complexities, Risk Exposure, Safety Standards, And Protection Measures For Railway Systems | Redefining CyberSecurity With Sean Martin

The rise of digitalization has led to more interconnected rail systems. While this has propelled forward our trains and metros at some seriously high speed, it has also dramatically expanded the threat landscape.
In response, governments around the world are racing to implement measures that promote technological advancements for these rail systems whilst assuring that the systems are protected and secure. Sure, it's easy to think about providing timely service, operating efficiently, delivering comfort, keeping up constant communications, and more, but what really matters is that these digital data centers remain safe as they travel between and arrive at various stations both out in the sticks and in the heart of the cities.
Where does this leave rail companies? What steps should they take in the event of a cyberattack?
Listen in as Sean speaks with Amir Levintal and they get on track, digging into the elements of the rail systems, from the sensors to the tracks to the WiFi and more. It doesn't take long before they jump the rails to test the boundaries of reality.
____________________________
Guest
Amir Levintal
CEO and CoFounder of Cylus Cybersecurity [@cylus_security]
On LinkedIn | https://www.linkedin.com/in/amir-levintal/
On Twitter | https://twitter.com/amirlevintal
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Understanding IEC 62443: https://www.iec.ch/blog/understanding-iec-62443
European Standard CLC/TS 50701 Railway applications - Cybersecurity: https://www.en-standard.eu/clc/ts-50701-2021-railway-applications-cybersecurity/
Train of Consequences: The Real Cost of Rail Cybersecurity Incidents: https://www.cylus.com/post/the-real-cost-of-rail-cybersecurity-incidents
The Long-Term Effects of Log4Shell on Railway Systems: https://www.cylus.com/post/log4shell-effect-railway-systems
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
48m
22/04/2022

Catch 22 | Consumers Hate Sharing Their Data, But There's No Other Option | An Imperva Brand Story About The Findings In The Imperva Global Consumer Survey With Terry Ray

Consumers worry about sharing data online, yet most feel they have “no choice” but to share their data if they want to use online services. It's a catch 22 — and it is not a bus.
Trust is waning. A majority of consumers, globally, say that trust in the many digital service providers’ ability to keep their personal data secure has decreased over the past five years.
Still, despite serious concerns, most consumers share their darkest secrets online via cloud messaging services even though they recognize there would be repercussions for them if the information they shared was leaked.
No question, it's a catch 22. But what do we do? That's the catch. Again.
Have a listen to learn more about the connections and responsibilities between consumers and the businesses they rely upon to live their digital lives.
Note: This story contains promotional content. Learn more.
Guest
Terry Ray
SVP Data Security GTM, Field CTO and Imperva Fellow
On LinkedIn | https://www.linkedin.com/in/terry-ray/
On Twitter | https://twitter.com/TerryRay_Fellow
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Report | No Silver Linings: Insights into global consumers’ perception of trust, data security, and privacy in the digital world: https://itspm.ag/impervpovw
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
40m
21/04/2022

What To Expect At RSA Conference USA 2022 | ITSPmagazine Event Coverage: RSAC 2022 San Francisco, USA | A Conversation With Linda Gray Martin, Britta Glade, And Cecilia Murtagh Marinier

We are thrilled to kick off our event coverage for our first Chats On The Road to RSA Conference 2022 with our good friends joining us to give the latest and greatest on what we can expect at this year's event.
Listen in to hear more about the theme, venue, sessions, speakers, expo hall, community event, and so much more. And, yes, we decided to capture this one on video too, so be sure to give that a watch for a funny moment as well.
Tune in and be sure to join us for more from RSA Conference USA 2022!
____________________________
Guests
Linda Gray Martin
Vice President at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/linda-gray-martin-223708/
On Twitter | https://twitter.com/LindaJaneGray
Britta Glade
Senior Director, Content & Curation at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/britta-glade-5251003/
On Twitter | https://twitter.com/brittaglade
Cecilia Murtagh Marinier
Cybersecurity Advisor - Strategy, Innovation & Scholars at RSA Conference [@RSAConference]
On LinkedIn | https://www.linkedin.com/in/cecilia-murtagh-marinier-14967/
On Twitter | https://twitter.com/CMarinier
____________________________
This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
CrowdSec: https://itspm.ag/crowdsec-b1vp
Blue Lava: https://itspm.ag/blue-lava-w2qs
____________________________
Resources
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76
____________________________
Catch the video here: https://youtu.be/UitxhJn2Gps
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage? 👉 https://itspm.ag/rsac22sp
45m
19/04/2022

Secure Access And Authorization: Keeping Precious Resources Safe From Prying Eyes And Bad Actors | A Live Stream Panel With Shinesa Cambric And John Sapp Jr | Redefining CyberSecurity With Sean Martin

Your organization has precious resources all over the place: on-premises in the data center on servers and in databases; in the office, at home, on the road on desktops, laptops, tablets, mobile phones, and smart devices; in the cloud inside containers, applications, and a variety of storage services.
Assuming you have identified and verified the person and/or system and/or service as a valid entity, how do you ensure they only have access to these resources, when they need them, from the location they need them, from the system they are requesting them, and at the time they are requesting them? This challenge is much more complex than ensuring a user is set up in the directory and has entered a valid password. That’s what this discussion is going to be all about.
Join us for this session as we explore the following points:
◾️ What does “secure access” mean to security, to ops, to the users, to the business?
◾️ Does the conversation and language need to change between groups?
◾️ How and where is secure access managed?
◾️ How to deal with the systems, applications, and data?
◾️ How does it fit in with Risk Management and SecOps?
◾️ What are some key challenges orgs face?
◾️ What are some of the core elements many orgs leave out?
◾️ Are there processes and/or tools to make things easier?
◾️ Any best practices or tips to simplify the program?
____________________________
Guests
Shinesa Cambric
Identity Champion at Identity Defined Security Alliance [@idsalliance] | Principal Product Manager for Emerging Identity at Microsoft [@Microsoft]
On LinkedIn | https://www.linkedin.com/in/shinesa-cambric-cissp-ccsp-cisa®-0480685/
On Twitter | https://twitter.com/Gleauxbalsecur1
John Sapp Jr
VP, Information Security & CISO at Texas Mutual Insurance Company [@texasmutual]
On LinkedIn | https://www.linkedin.com/johnbsappjr
On Twitter | https://www.twitter.com/czarofcyber
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Identity Defined Security Alliance Best Practices: https://www.idsalliance.org/identity-defined-security-framework/best-practices/
Enterprise Risk - Engaging Others: https://www.isaca.org/resources/isaca-journal/issues/2020/volume-5/addressing-risk-using-the-new-enterprise-security-risk-management-cycle
____________________________
Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/secure-access-and-authorization-keeping-precious-resources-safe-from-prying-eyes-and-bad-actors-redefining-cybersecurity-with-sean-martin
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
50m
15/04/2022

Higher Education And Regulated Research Community Of Practice (RRCoP) | 5 Goals To Raise The Security And Compliance Posture Of Academic Institutions | Redefining CyberSecurity With Carolyn Ellis, Erik Deumens, And Michael Parisi

When it comes to implementing efficient and effective information security programs, higher education institutions can use all the help they can get. That's where the RRCoP community comes in.
In today's episode, our guests, Carolyn Ellis, Erik Deumens, and Michael Parisi, talk through the goals of the RRCoP community and the impact it has on the higher education cybersecurity community as they work hard to raise the security and compliance posture for their institutions.
The 5 RRCoP Goals
Goal 1: Build a Community
The Regulated Research Community of Practice (RRCoP) builds a network of people able to help each other in implementing an affordable but effective cybersecurity and compliance program at academic institutions.
Goal 2: Collect and Share Resources
Establish a leadership training and development program accelerating availability of distributed university resources.
Goal 3: Advocate and Negotiate
Develop representation through strategic partnerships with industry and government entities.
Goal 4: Manage Change
The Department of Defense modified the DFARS clause to mandate that NIST 800-171 be followed for data classified and marked as CUI in 2017. The next evolution of this program, CMMC, has already undergone significant changes now called CMMC 2.0. Other agencies, for example, Department of Education, have indicated that they are considering following a similar path to safeguard data.
Goal 5: Simplify Compliance
A collective and streamlined approach to compliance lowers the barrier to entrance for expansion of supported regulations by individual institutions.
____________________________
Guests
Carolyn Ellis
CMMC Program Manager at UC San Diego [@ucsandiego]
On LinkedIn | https://www.linkedin.com/in/carolynellis1/
Erik Deumens
Research Computing Director, Information Technology at University of Florida [@UF]
On LinkedIn | https://www.linkedin.com/in/deumens-erik-164167146/
Michael Parisi, VP of Adoption, @HITRUST
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
____________________________
Resources
Regulated Research Community of Practice: https://www.regulatedresearch.org/
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
41m
04/04/2022

Balancing Reward Over Risk | Evolving CyberSecurity Through Systems Engineering And Committee Collaboration | Redefining CyberSecurity With Howard Miller And Ron Ross

In this episode, NIST Fellow, Ron Ross, and Pepperdine Graziadio Business School Advisory Board Member, Howard Miller, join the show to discuss risk assessment, reward analysis, and security management in the age of advanced technology and complex system innovation.
To secure a system, the sum of all of its parts must also be secure. This includes firmware, applications, APIs, networks, communications, storage, and more. Each complete system is often comprised of multiple subsystems, making it unique and bringing with it its own risk profile different from all other systems.
Join us as we explore the concept of analyzing the reward in connection to the risk as a means to help make better risk-vs-reward decisions in support of securely fostering innovation as opposed to stifling innovation out of fear, uncertainty, and doubt.
____________________________
Guests
Ron Ross
Fellow at National Institute of Standards and Technology (NIST) [@NIST]
On Twitter | https://twitter.com/ronrossecure
On LinkedIn | https://www.linkedin.com/in/ronrossecure/
Howard Miller
SVP, Director at Tech Secure and Adjunct Professor and Advisory Board Member at Pepperdine Graziadio Business School Cyber Risk Professional Certification [@Pepperdine / @GraziadioSchool]
On LinkedIn | https://www.linkedin.com/in/howardmillerrisk/
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
ERMO - Enterprise Risk Management Optimization: https://link.springer.com/article/10.1007/s10669-021-09819-x
SAE Cyber Physical Systems Security Engineering Plan (CPSSEP) JA7496: https://www.sae.org/standards/content/ja7496/?_ga=2.203579798.760907735.1641314977-1116152771.1641314951
NIST Systems Engineering Group: https://www.nist.gov/el/systems-integration-division-73400/systems-engineering-group
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
38m
31/03/2022

Large-Scale Data Analytics For Cybersecurity And Solving Real-World Grand Challenges | Redefining CyberSecurity With Professor David Bader

We may see new "graph" processors in the future that can better handle the data-centric computations in data science. Will that be enough?
About David
David A. Bader is a Distinguished Professor in the Department of Computer Science and founder of the Department of Data Science and inaugural Director of the Institute for Data Science at New Jersey Institute of Technology. Prior to this, he served as founding Professor and Chair of the School of Computational Science and Engineering, College of Computing, at Georgia Institute of Technology.
____________________________
Guest
David Bader
Distinguished Professor and Director, Institute for Data Science, New Jersey Institute of Technology [@NJIT]
On Twitter | https://twitter.com/Prof_DavidBader
On LinkedIn | https://www.linkedin.com/in/dbader13/
On Facebook | https://www.facebook.com/ProfDavidBader
Website: https://davidbader.net/
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
GitHub: https://github.com/Bader-Research
Arkouda: https://github.com/Bears-R-Us/arkouda
NJIT Institute for Data Science: https://datascience.njit.edu/
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
39m
31/03/2022

Book | Critical Infrastructure Risk Assessment: The Definitive Threat Identification And Threat Reduction Handbook | Redefining CyberSecurity With Ernie Hayden

In a world where everything is connected and interdependent, complexity has become part of our very way of life, and it must be part of our way of thinking. But, especially when we look at infrastructure security, the boundaries between analog and digital, physical and cyber, are simply not there anymore.
In today's conversation, we discuss the importance of looking at our society, economy, and security as a complex system of interdependent subsystems. Everything is connected, and we are not just referring to IoT.
From bridges to nuclear plants, to the President's car, and all the way up to space, the security assessment of critical infrastructure is not a checklist but a mindset.
About The Book
As a manager or engineer have you ever been assigned a task to perform a risk assessment of one of your facilities or plant systems? What if you are an insurance inspector or corporate auditor? Do you know how to prepare yourself for the inspection, decide what to look for, and how to write your report?
This is a handbook for junior and senior personnel alike on what constitutes critical infrastructure and risk and offers guides to the risk assessor on preparation, performance, and documentation of a risk assessment of a complex facility. This is a definite “must read” for consultants, plant managers, corporate risk managers, junior and senior engineers, and university students before they jump into their first technical assignment.
____________________________
Guest
Ernie Hayden
On LinkedIn | https://www.linkedin.com/in/enhayden/
Publisher's Twitter | https://twitter.com/RothsteinPub
____________________________
Resources
Book: https://www.rothstein.com/product/critical-infrastructure-risk-assessment-the-definitive-threat-identification-and-threat-reduction-handbook/
____________________________
This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
44m
29/03/2022

Business Continuity: Building And Operationalizing A Functional Disaster Recovery Plan | A Live Stream Panel With Dr Rebecca Wynn And Gayle Anders | Redefining CyberSecurity With Sean Martin

Every organization has exposure to risk. Every organization experiences events that cross over the risk threshold to quickly realize they are facing an incident head-on.
It's how the organization prepares for these situations that matters most. Preparation is so much more than recognizing that a disaster might occur. It's also more than having a documented plan drafted months (maybe even years) ago that, if activated, would prove worthless—or worse—counterproductive such that the disaster turns into an all-out crisis. A disaster doesn't need to result in a crisis, and that's what we will cover in this episode: how to keep the business running without killing the business in the process.
Join us for this session as we explore the following points:
◾️ What is a disaster?
◾️ Goals of a disaster recovery plan
◾️ How to build a functional plan
◾️ Who builds it?
◾️ Who validates it?
◾️ What is in the plan
◾️ How does a BC/DR plan fit into your IT/IS programs (IR, for example)
◾️ Testing/Tabletop exercises
____________________________
Guests
Dr Rebecca Wynn
Chief Cybersecurity Strategist & CISO at Click Solutions Group
On LinkedIn | https://www.linkedin.com/in/rebeccawynncissp
Gayle Anders
Global Business Continuity Program Manager at Netflix [@netflix]
On LinkedIn | http://linkedin.com/in/gayle-anders-business-continuity-professional
____________________________
This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
____________________________
Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/business-continuity-building-and-operationalizing-a-functional-disaster-recovery-plan-redefining-cybersecurity-with-sean-martin
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
50m
24/03/2022

Creating A Data Security Strategy And Operationalizing A Mature Data Security Program | A Live Stream Panel With Chris Daskalos And Andy Rappaport | Redefining CyberSecurity With Sean Martin

Data is the fuel that powers the business. What are organizations doing to protect it?
Organizations have become the custodians of critical information needed to remain competitive and sensitive information that their customers have entrusted them with. While some organizations have taken this responsibility seriously, governments (state, federal, and international) have had to step in to help guide companies on how best to safely manage this data. There are a ton of rules to follow balanced with a ton of business goals to achieve. That's where a data security strategy and data security program come into play. But what is data protection, and how does it impact business operations?
Join us for this session as we explore the following points:
◾️ Roles
◾️ Policies
◾️ Controls
◾️ Assessment
◾️ Demonstrating posture
◾️ Maintenance and tuning
◾️ Advice for the future
____________________________
Guests
Chris Daskalos
Data Protection Lead at University of Southern California [@USC]
On LinkedIn | https://www.linkedin.com/in/chrisdaskalos
Andy Rappaport
Data Security Architect at iRobot [@iRobot]
On LinkedIn | https://www.linkedin.com/in/andyrappaport/
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Data Security Roadmap Example: https://docs.google.com/presentation/d/1t6otQ5a8h3d8euN6bnzCZMxhPcKtVUKf/edit#slide=id.p1
____________________________
Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/creating-a-data-security-strategy-and-operationalizing-a-mature-data-security-program-redefining-cybersecurity-with-sean-martin
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
50m
14/03/2022

Book | Security Yearbook: A Complete History And Directory Of The Entire Cybersecurity Industry | Redefining CyberSecurity With Richard Stiennon

Do you think you know all of the cybersecurity vendors on the market? Think again. Need help getting a clear view for how they all fit into the bigger InfoSec picture in your org? Have a listen.
In today's episode, long-time industry analyst, Richard Stiennon, takes us on a journey down memory lane into the world of cybersecurity and the ever-growing landscape of innovation, technology, features, products, solutions, and more.
About the book
Security Yearbook 2020 was launched at RSA Conference 2020 on February 24 and has been identified as One of the Best Cybersecurity Books of 2021 by Ben Rothke!
The 2021 directory has been completely updated. 300 small vendors and two abject failures stopped supporting their websites in 2020. 600 new vendors were added, although only 13 high profile startups are listed. The Directory now contains 2,615 vendors of security products.
Two new stories of the pioneers of the cybersecurity industry have been added. Renaud Deraison, creator of Nessus, and Amit Yoran founder of Riptech and CEO of Tenable contribute their stories.
A new section has been added to track the performance of 21 publicly traded security vendors like Crowdstrike, Zscaler, Fortinet, and Palo Alto Networks.
Thanks to AGC Partners, Security Yearbook 2021 contains a complete listing of M&A activity for 2020.
There were over $10 billion in new investments in high-flying security vendors. A complete list and analysis of these deals is included.
The biggest difference in the directory this year is that the percent change in headcount is listed for each vendor. This is probably the most important metric for quickly assessing a vendor’s health. Successful vendors grow.
Having known each other for years, Richard and Sean reminisce and they talk about the past, present, and future of the entire cybersecurity field.
____________________________
Guest
Richard Stiennon
Chief Research Analyst at IT-Harvest [@cyberwar]
On Twitter | https://twitter.com/stiennon
On LinkedIn | https://www.linkedin.com/in/stiennon/
On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Security Yearbook | A Complete History And Directory Of The Entire Cybersecurity Industry
- 2021 edition: https://it-harvest.com/shop/security-yearbook-2021/
- 2022 edition: https://it-harvest.com/shop/security-yearbook-2022/
Connect with Richard at IT-Harvest: https://it-harvest.com/
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
41m
08/03/2022

How To Create Effective Security Cultures | Redefining CyberSecurity With Dutch Schwartz And Rock Lambros

As the CISO role has evolved from chief security engineer to cyber risk advisor, successful CISOs are focusing on culture, strategy, and leadership. Let's discuss some real-world observations and explore some tips for what can prove to be successful across a variety of industries.
In addition to the fantastic conversation, there are a ton of resources that Rock and Dutch have provided. Have a listen, and then dig into the articles and reports to keep the learning going.
____________________________
Guests
Dutch Schwartz
Principal Security Specialist, Amazon Web Services (AWS) [@AWSSecurityInfo]
On Twitter | https://twitter.com/dutch_26
On LinkedIn | https://www.linkedin.com/in/dutchschwartz
On Clubhouse | @dutchzilla
Rock Lambros
CEO at RockCyber [@rockcyberllc], Cybersecurity Leader, and Co-Author of "The CISO Evolution: Business Knowledge for Cybersecurity Executives"
On Twitter | https://twitter.com/rocklambros
On LinkedIn | https://www.linkedin.com/in/rocklambros/
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Culture feels "squishy" post on LinkedIn: https://www.linkedin.com/posts/dutchschwartz_unicornsecuritysquad-ciso-cybersecurity-activity-6850499679394807808-Mc7Y
The Role Of A CISO In Creating A Strong Security Culture: https://www.eccu.edu/the-role-of-a-ciso-in-creating-a-strong-security-culture/
Use Networks to Drive Culture Change: https://sloanreview.mit.edu/article/use-networks-to-drive-culture-change/
Why Does Culture 'Eat Strategy For Breakfast'?: https://www.forbes.com/sites/forbescoachescouncil/2018/11/20/why-does-culture-eat-strategy-for-breakfast/
The EI Advantage: Driving Innovation and Business Success through the Power of Emotional Intelligence: https://hbr.org/sponsored/2019/08/the-ei-advantage-driving-innovation-and-business-success-through-the-power-of-emotional-intelligence
Building a Model of Organizational Cybersecurity Culture by Identifying Factors Contributing to Cybersecure Workplaces: http://web.mit.edu/smadnick/www/wp/2020-05.pdf
The Leader’s Guide to Corporate Culture: https://hbr.org/2018/01/the-leaders-guide-to-corporate-culture
Why Every Executive Should Be Focusing on Culture Change Now: https://sloanreview.mit.edu/article/why-every-executive-should-be-focusing-on-culture-change-now/
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
42m
26/02/2022

The Playbook To Defend Against Aggressive Cyber Ops: Preparing For A Cyber Crisis As The Crisis Strikes | Redefining CyberSecurity With Mick Douglas

There's a cyber crisis brewing. Not the first. Definitely not the last. But current. Here's some advice as seen on social media (paraphrased)... "take your years of strategizing, planning, budgeting, staffing, and procuring … and do it all within a few days." How is that helpful?

It isn't. It could actually be counter-productive.

With the rising concerns over the growing threat of cyberattacks from well-funded, highly-skilled, and aggressively-motivated bad actors, there's been a mad rush for offerings of advice and products and services from all around the web. While the intentions may be good, the expected outcomes may not match reality in some cases.

That's where the post I saw from Mick Douglas comes in ... a post of organized thoughts with actionable steps organizations can consider given their day-to-day playbook probably isn't going to hold to the intensity of a widespread cyber attack. There's a lot in the thread; we cover a good portion of it, but not all of it. There's also some discussion outside of the original post to help frame the conversation.
____________________________
Guest

Mick Douglas
InfoSec Innovations | SANS Principal Instructor | IANS Faculty
On Twitter | https://twitter.com/bettersafetynet
On LinkedIn | https://www.linkedin.com/in/mick-douglas/
____________________________
This Episode’s Sponsors

Imperva: https://itspm.ag/rsaarchweb
Archer: https://itspm.ag/itsphitweb
____________________________
Resources

Inspiring Tweet: https://twitter.com/bettersafetynet/status/1496496087741480960
National Council of ISACs: https://www.nationalisacs.org/
Other social posts mentioned:
https://www.linkedin.com/posts/rocklambros_mick-douglas-on-twitter-activity-6902610864369664000-KaBd
https://twitter.com/hackinglz/status/1497035113170886656
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships
36m
24/02/2022

Book | Can. Trust. Will. Hiring For The Human Element In The New Age Of Cybersecurity | Redefining Security With Leeza Garber And Scott Olson

If the goal is to fill a role and keep it filled, we may be missing the point of hiring and retaining top talent.

More than ever, investing in the human element of cybersecurity is paramount. How we staff and maintain our cyber teams will determine the success of the individuals, the team, and the program.

In today's conversation, we connect with two authors, Leeza Garber and Scott Olson, to talk about this topic in-depth, as we explore the catalyst behind the writing of their book, Can. Trust. Will. Hiring for the Human Element in the New Age of Cybersecurity.

About the Book

Cyberthreats evolve at a staggering pace, and effective cybersecurity operations depend on successful teams. Unfortunately, statistics continue to illustrate that employers are not finding the people they need.

The Can. Trust. Will. system guides the C-Suite, HR professionals and talent acquisition to build unbeatable cybersecurity teams through advanced hiring processes and focused on-boarding programs. Additionally, this book details how successful cybersecurity ecosystems are best built and sustained, with expert analysis from high-level government officials, Fortune 500 CSOs and CISOs, risk managers, and even a few techies.

Those already in the field (and newbies) will glean invaluable knowledge about how to find their most effective position within a cybersecurity ecosystem. In a tech-driven environment, cybersecurity is fundamentally a human problem: and the first step is to hire for the human element.

Are you looking to fill roles? Or are you looking for people? This nuanced difference can make all the difference.

Listen in.
____________________________
Guests

Leeza Garber
Founder, Leeza Garber Esq Consulting LLC & Can. Trust. Will. LLC
On Twitter | https://twitter.com/leezagarber
On LinkedIn | https://www.linkedin.com/in/leeza-garber/

Scott Olson
Co-Founder, Can. Trust. Will. LLC
On LinkedIn | https://www.linkedin.com/in/scottolsonexec/
____________________________
This Episode’s Sponsors

Imperva: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources

Book: Can. Trust. Will. Hiring for the Human Element in the New Age of Cybersecurity: https://www.amazon.com/Can-Trust-Will-Element-Cybersecurity-ebook/dp/B09H1V8LHL/
Cyber Seek: https://www.cyberseek.org/
Previous podcast with Scott Olson: Be Fascinated: What It Takes To Find Fulfillment And To Be A Good Leader | Redefining Security With Scott Olson
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-security

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships
45m