CYBRIC’s CTO and Co-founder Mike Kail Explores DevSecOps

CYBRICCYBRIC CTO and Co-founder Mike Kail and I connected to discuss DevSecOps. First, Mike tells us what DevSecOps is and why we need it. We talk about the advantages and disadvantages (although we couldn’t really think of any compelling disadvantages) of changing the corporate culture of DevOps to include security. DevSecOps is really fixing the corporate mindset to include security in all facets of operations. It puts forth the radical notion that security is everyone’s responsibility. And, although I’m being a bit sarcastic with that previous comment, I do believe that for some companies and some individuals that this notion of everyone owning security is radical.

CTO Mike KailIt shouldn’t be. Security affects us all. It affects us to the tune of $16+ billion in losses due to credit card fraud and identity theft. And that number grows every year.

Listen to the podcast for more details on DevSecOps and how you can help change the culture at your company to make security a priority for everyone.

Podcast details:

Length: 16:52 mins. Format: MP3. Rating: G for all audiences and venues.

Copyright 2018 The SecurityNOW Podcast Show. License: CC BY.

 

Exabeam’s Chief Security Strategist Steve Moore discusses Post-breach Cleanup

ExabeamI spoke with Exabeam‘s Chief Security Strategist, Steve Moore, about post-breach cleanup, specifically related to the healthcare industry. Steve and I discussed why the healthcare industry is a prime target for hackers, what steps to take after a breach, and some preventative steps. Post-breach cleanup can seem daunting and as we say in the podcast, “How do you know what’s clean?” The problem with breaches is that you don’t know what’s clean nor do you always know to what depth the breach has penetrated. I think it’s best to wipe a system clean and reimage it from scratch rather than trying to poke and prod your way through the maze of malware, backdoors, fake user accounts, and other persistent threats that remain after a breach. Opinions differ in this area but the peace of mind that comes with installing fresh is far more valuable and often less time-consuming that individually examining thousands of files, filesystems, and backups for elusive infections.

Podcast details:

Length: 23:53 mins. Format: MP3. Rating: G for all audiences and venues.

Copyright 2018 The SecuritNOW Podcast Show. License: CC BY.

Anaconda’s Mathew Lodge Sheds Light on Software Supply Chain Security

AnacondaI spoke with Anaconda‘s SVP of Products and Marketing, Mathew Lodge, about software supply chain security. We covered such topics as how to protect the software supply chain, CCleaner, and the deliberately corrupted Python libraries in the Python Package Index (PyPI), Python’s public package repository. Mathew is very knowledgeable about the software development lifecycle, the software supply chain weak spots, and where attackers can inject malicious code into those processes and procedures.

We invite you to listen in and get involved in the conversation because these vulnerabilities affect us all and the viability of our current and future software projects. Ubiquitous software libraries, such as those that the Python project provides to thousands of open source and proprietary applications is a single, but not an isolated, example of what can happen.

Podcast details:

Length: 21:38 minutes. Format: MP3. Rating: G for all audiences and venues.

Copyright 2018 The SecurityNOW Podcast Show. License: CC BY.

Ken “The Virus Doctor” Dwight on Malware Threats at SpiceWorld 2017

The Virus DoctorKen “The Virus Doctor” Dwight and I sat down at SpiceWorld 2017 to discuss ransomware and other malware threats to you and your security. Ken Dwight has been in the cybersecurity business for as long as cybersecurity has been a thing and long before anyone coined the term, cybersecurity.

Ken also offers his book and a Virus Remediation class from his website. He has helped many companies recover from virus infestations, ransomware attacks, and various malware infections. He is a consultant, a speaker, and a practitioner in the dark art of virus killing.

It was a pleasure to speak with Mr. Dwight on camera at SpiceWorld 2017.

Copyright 2017 The SecurityNOW Show. License: CC BY.

Absolute’s Global Security Strategist Richard Henderson discusses 2018’s Security Threats

Richard HendersonRecurring guest Richard Henderson (Global Security Strategist for Absolute) and I discuss what we think are the greatest threats to security in 2018. We ponder ransomware, standard threats, cryptocurrencies, and other advanced persistent threats.  Richard and I agree that 2018 will be another significant security threat year. One thing to note is that while attackers are more persistent, there are some threats that are actually waning such as certain types of ransomware, viruses, and malware that’s easily stopped by smarter browsers, host-based firewalls, and operating system security. That said, we don’t expect attacks to decrease in 2018.

As always, our podcasts are licensed CC BY and are rated G for all audiences and venues.

Length: 29:07 minutes. Format: MP3. Rating: G.

Please contact us for sponsorships, sponsored posts, and videocasts.

ClearSky Data CTO and Co-founder Laz Vekiarides Discusses a New Approach to Cloud Storage

Laz VekiaridesLaz Vekiarides, CTO and Co-founder of ClearSky Data and I discuss a new approach to cloud storage–which deprecates the old 3-2-1 rule of making backups. Every year businesses consume more and more expensive disk space to copy, re-copy, and store data as backups, as disaster recovery, and for archival purposes. Preventing that waste is the main thrust of ClearSky Data’s primary storage, cloud backup, and disaster recovery solutions. The service is elastic and uses a “pay-as-you-use” philosophy.

Laz explains why this solution is more economical for your business and also makes your business more resilient to failure. We discuss a paradigm shift in backup methodology and the importance of business continuity.

Podcast details:

Length: 21:36 minutes. Format: MP3. Rating: G for all audiences.

ClearSky allows enterprises to access all data wherever it’s needed, on-prem or in the cloud, without ever needing to replicate the data. That’s right, no more making copies. The ClearSky service is fully elastic; pay for only what you use and scale up or down on-demand.

Copyright 2017 The SecurityNOW Podcast Show. License: CC BY.

A Ransomware Discussion with Absolute’s Richard Henderson (Podcast)

RansomwareRichard Henderson, The Global Security Strategist for Absolute, and I spoke about the global Ransomware threat, its prevention, and what to do if you’re victimized by an attack. Richard and I disagree a bit on what you should do if you’re a Ransomware victim. I say that you should never pay. He says that there are circumstances where it makes more sense to pay the ransom.

I write the introductory column for ADMIN magazine and in the most recent issue (Number 40), I wrote about this very topic. I titled it, “Feeding Seagulls is Wrong.” It is a light-hearted look at feeding seagulls, which I compare to ransomware writers. To me, paying ransomware writers is like feeding seagulls: You’re down a bag of Cheetos (Some amount of Bitcoin) and the seagulls (Ransomware writers) are never satisfied.

Listen to the podcast. Read my column. Make a decision. And feel free to tweet me @kenhess to start a discussion.

Podcast details:

Length: 24:11 minutes. Format: MP3. Rating: G for all audiences.

Copyright 2017 The SecurityNOW Podcast Show. CC BY.