CYBRIC’s CTO and Co-founder Mike Kail Explores DevSecOps

Published on by Ken HessLeave a comment

CYBRICCYBRIC CTO and Co-founder Mike Kail and I connected to discuss DevSecOps. First, Mike tells us what DevSecOps is and why we need it. We talk about the advantages and disadvantages (although we couldn’t really think of any compelling disadvantages) of changing the corporate culture of DevOps to include security. DevSecOps is really fixing the corporate mindset to include security in all facets of operations. It puts forth the radical notion that security is everyone’s responsibility. And, although I’m being a bit sarcastic with that previous comment, I do believe that for some companies and some individuals that this notion of everyone owning security is radical.

CTO Mike KailIt shouldn’t be. Security affects us all. It affects us to the tune of $16+ billion in losses due to credit card fraud and identity theft. And that number grows every year.

Listen to the podcast for more details on DevSecOps and how you can help change the culture at your company to make security a priority for everyone.

Podcast details:

Length: 16:52 mins. Format: MP3. Rating: G for all audiences and venues.

Copyright 2018 The SecurityNOW Podcast Show. License: CC BY.

 

Exabeam’s Chief Security Strategist Steve Moore discusses Post-breach Cleanup

Published on by Ken HessLeave a comment

ExabeamI spoke with Exabeam‘s Chief Security Strategist, Steve Moore, about post-breach cleanup, specifically related to the healthcare industry. Steve and I discussed why the healthcare industry is a prime target for hackers, what steps to take after a breach, and some preventative steps. Post-breach cleanup can seem daunting and as we say in the podcast, “How do you know what’s clean?” The problem with breaches is that you don’t know what’s clean nor do you always know to what depth the breach has penetrated. I think it’s best to wipe a system clean and reimage it from scratch rather than trying to poke and prod your way through the maze of malware, backdoors, fake user accounts, and other persistent threats that remain after a breach. Opinions differ in this area but the peace of mind that comes with installing fresh is far more valuable and often less time-consuming that individually examining thousands of files, filesystems, and backups for elusive infections.

Podcast details:

Length: 23:53 mins. Format: MP3. Rating: G for all audiences and venues.

Copyright 2018 The SecuritNOW Podcast Show. License: CC BY.

Anaconda’s Mathew Lodge Sheds Light on Software Supply Chain Security

Published on by Ken HessLeave a comment

AnacondaI spoke with Anaconda‘s SVP of Products and Marketing, Mathew Lodge, about software supply chain security. We covered such topics as how to protect the software supply chain, CCleaner, and the deliberately corrupted Python libraries in the Python Package Index (PyPI), Python’s public package repository. Mathew is very knowledgeable about the software development lifecycle, the software supply chain weak spots, and where attackers can inject malicious code into those processes and procedures.

We invite you to listen in and get involved in the conversation because these vulnerabilities affect us all and the viability of our current and future software projects. Ubiquitous software libraries, such as those that the Python project provides to thousands of open source and proprietary applications is a single, but not an isolated, example of what can happen.

Podcast details:

Length: 21:38 minutes. Format: MP3. Rating: G for all audiences and venues.

Copyright 2018 The SecurityNOW Podcast Show. License: CC BY.

Scott Youngs Key Information Systems CIO: Everyone Needs Cybersecurity Education

Published on by Ken HessLeave a comment

Key Information SystemsScott Youngs, CIO of Key Information Systems, and I spoke about how everyone in your company needs cybersecurity training. And not just an annual refresher either. Everyone needs continuous training and feedback on that training to maintain vigilance and awareness of actual threats to corporate security.

Scott and I suggest keeping security in front of everyone with a multi-phase approach:

  • Formal training (Classroom, scenario, webinar)
  • Email reminders
  • Informal training (Signage, policies)
  • Involvement (Discussions)

Scott Youngs CIO Key Information Systems Employees can fall prey to phishing and social engineering schemes, even if they’ve just gone through training. Regular scenario-based training works quite well to keep employees safe and your network secure. We understand that security training and vigilance requires dedication and resource commitment. We’re not unsympathetic to the resources required. There are a lot of free and unobtrusive things you can do to maintain a secure environment. There’s plenty of free training and information available to you.

One final point that Scott made and I repeated in the podcast is that you have to customize security training for your employees. For example, retail employees have different security training needs than manufacturing employees do. Similarly, C-level employees have different security training needs than IT department employees do.

Key Information Systems covers Southern California but also has clients in other regions as well. If you require assistance for your security needs, please go to keyinfo.com and select a Contact Us link to engage their capable staff.

Podcast details:

Length: 18:36 minutes. Format: MP3. Rating: G.

Copyright 2017 The SecurityNOW Podcast Show. License: CC BY.

Ken “The Virus Doctor” Dwight on Malware Threats at SpiceWorld 2017

Published on by Ken HessLeave a comment

The Virus DoctorKen “The Virus Doctor” Dwight and I sat down at SpiceWorld 2017 to discuss ransomware and other malware threats to you and your security. Ken Dwight has been in the cybersecurity business for as long as cybersecurity has been a thing and long before anyone coined the term, cybersecurity.

Ken also offers his book and a Virus Remediation class from his website. He has helped many companies recover from virus infestations, ransomware attacks, and various malware infections. He is a consultant, a speaker, and a practitioner in the dark art of virus killing.

It was a pleasure to speak with Mr. Dwight on camera at SpiceWorld 2017.

Copyright 2017 The SecurityNOW Show. License: CC BY.

Data Science and Security with SOPHOS Data Scientist Hillary Sanders

Published on by Ken HessLeave a comment

SOPHOSHillary Sanders and I sat down for a chat at SpiceWorld 2017 in Austin about data science and security. We discussed the ins and outs of data science, machine learning, neural networks, and how this data helps security researchers. Ms. Sanders is a data scientist and data science researcher at SOPHOS. As you’ll see in the video, she loses me in part of the discussion. I’m very familiar with biological neural networks but the computer ones are pretty complex. These neural networks and their reliance on big data is the significant first step toward some pretty impressive artificial intelligence (AI) possibilities.

Although Elon Musk and Stephen Hawking have warned us about the future of AI, I think that AI is the true future of computing. And I’ve thought so for a very long time, beginning back in the day when I wanted to learn LISP and Prolog programming. Unfortunately, I did not have the financial resources to learn those languages at the time. I digress.

Hillary explains data science and her work in such a way that I hope many more young people will be inspired to follow her into this next exciting chapter of computing. She is also an accomplished artist and you should view her work at hillarysanders.com. Her site isn’t just art, it’s also about her work as a data scientist and a programmer. Check out the Cheatsheets page.

Copyright 2017 SecurityNOW. License: CC BY.

Online Shopping Hazards with guest WWPass VP of Strategy Perry Chaffee

Published on by Ken HessLeave a comment

Perry Chaffee of WWPassPerry Chaffee, WWPass VP of Strategy, and I turn our attention toward online shopping because it is the holiday shopping season and security is a big concern, or should be, for anyone making online purchases. You don’t want your shopping experience to be tainted with unusual charges, identity theft, or account compromise of any kind. For these reasons, you need to be aware of your shopping experience and your security.

Here are a few guidelines that Perry and I talk about during the podcast:

  1. Use a strong password.
  2. Use a password manager.
  3. Use a credit card rather than a debit card for purchases.
  4. Enable two-factor authentication for better security.
  5. Before entering passwords or credit card information, look for the https in your browser’s URL.
  6. Close your browser after shopping on a site and reopen it for your next purchase.
  7. Be sure that the site you’re on is the one you want to use.
  8. Never give anyone your password over the phone.
  9. Be VERY careful of links embedded in emails as they can look very similar to real sites.
  10. Be aware of your surroundings and don’t speak your credit card information out loud in public places.

WWPassThis is not a sponsored podcast but WWPass is a commercial security solution for individuals and businesses to help keep all your online transactions and shopping experiences secure.

Length: 18:02 minutes. Format: MP3. Rating: G

Please contact us for sponsorships, sponsored posts, and videocasts.

Copyright 2017 The SecurityNOW Podcast Show. License: CC BY.