SSH Communications Founder Tatu Ylönen Speaks on IoT Security (Podcast)

SSH CommunicationsPreston and I had the rare honor of speaking with SSH Communications founder, Tatu Ylönen about IoT device security. For those of you who don’t know, Tatu Ylönen is the inventor and original programmer of the SSH protocol. There’s absolutely no one in the world more qualified to speak on security than Tatu.

Tatu YlönenHe single-handedly protected us all from plain text transmissions and essentially destroyed the old Telnet protocol for good. In this podcast, we discuss the importance of IoT security. IoT security has traditionally been ignored because the few devices that existed weren’t particularly vulnerable to hacking either because no one cared or no one had access to the hardware and software to do so. That’s no longer true. Everyone has access to exploitation tools and the time for focusing on a more secure IoT has arrived.

For IoT manufacturers, you should listen carefully to Tatu’s advice and insights. Some of these devices and networks carry high-value data, including possibly personal data and that needs to be protected.

Podcast details:

Length: 14:43 minutes. Format: MP3. Rating: G for all audiences.

A special thanks to Tatu Ylönen and to the Nadel Phelan agency for connecting us.

The New NIST Password Guidelines with Absolute’s Richard Henderson (Podcast)

AbsolutePreston and I discussed the new NIST password guidelines with our regular guest, Richard Henderson of Absolute. In this podcast, we cover the guidelines and what they might mean to you, especially if you’re a web application developer. If you’re not a developer, you might still have an opinion as a user. The new guidelines are a very positive step forward for government agencies and for private ones as well. Password security has been taken for granted for too long but can no longer be ignored. Security experts can spout all the best practices that they can think of but those best practices are only good if they’re put into practice.

We also discuss the costs that might arise from retrofitting current applications vs. tackling the problem from the beginning. Richard has some very important insights to consider when going forward with these guidelines.

Podcast details.

Length: 28:20 minutes. Format: MP3. Rating: G for all audiences.

What To Do in the First 48 Hours After a Breach with Absolute’s Richard Henderson (Podcast)

AbsoluteYou might remember Richard Henderson, Absolute’s Global Security Strategist from our March 21, 2017, podcast covering Enterprise Security Trends. Richard joins us again to discuss what to do after you discover a breach and why the first 48 hours are so important. You’ll also hear Preston and me disagree about first steps to take after you discover a breach.

In this podcast, Richard gives us an overview of how companies should handle breach announcements, responsibility for breaches, and his best advice for companies that have experienced a breach.

Podcast details:

Length: 20:31 minutes. Format: MP3. Rating: G for all audiences.

We’re hoping that Richard will continue to join us on a regular basis to discuss timely security topics that affect you and your business operations. If you have questions that you’d like to have us ask Richard or any of our guests, please use the Contact Form and let us know. We’re also open to new show topics and guests.

BigID CEO Dimitri Sirota Discusses GDPR (Podcast)

BigIDPreston and I had the pleasure of speaking with BigID CEO Dimitri Sirota about General Data Protection Regulation (GDPR) and what it means to American businesses. We discussed several topics surrounding compliance such as dealing with GDPR and EU businesses, costs of compliance, pain points, where to find more information, and some solutions.

The main point of GDPR is to give users control of their personal data. For one, GDPR requires explicit permission from the data owner to allow personal data to be used. GDPR also includes the right to be forgotten or erased, which is a big topic of discussion for Preston and me.

In the US, public records can be scraped by anyone with the money to pay for the service. If you don’t understand what I mean, open a browser and type in your name. Google will return a few dozen hits with links to companies that will sell all public information about you to scammers, thieves, blackmailers, and others who have less than savory intentions.

These sources have access to your home address, former addresses, family member names, ages, dates of birth, court cases, arrests, traffic violations, and much more. You’ll be shocked. I’ve attempted to remove myself from as many of these lists as possible because I feel it’s a violation of my privacy and of my right to privacy. The European Union (EU) agrees.

Podcast details:

Length: 25:44 minutes. Format: MP3. Rating: G for all audiences.

I have to apologize for my sound quality. It only affected my microphone. My gain was too high. Preston and I didn’t discover the problem until after the interview, which is really too late to do anything about it. I tried to fix it but had little luck in doing so. We have since resolved the issue.

Enjoy and stay secure.

Enterprise Security Trends with Absolute’s Richard Henderson (Podcast)

AbsolutePreston and I discussed security trends with Absolute‘s Global Security Strategist, Richard Henderson (@richsentme) on St. Patrick’s Day eve. Unfortunately, the whole thing took place via Skype rather than at Doolin’s. Hey, some people work for a living and can’t always get to the fun right away or even on the day after. 

Some of the topics covered by our broad swipe at enterprise security trends were two-factor authentication, advanced persistent threats, SSO, and insider threats. We also touched on Absolute’s strategy for protecting you, your applications, and your entire enterprise from security threats.

Richard is one of the best guests we’ve ever had on the show and we hope that he’ll return to discuss Absolute’s products in more depth and to discuss other timely security topics.

Podcast details:

Length: 23:46 minutes. Format: MP3. Rating: G for all audiences.

Remember, our podcasts are licensed CC BY.

March 2017 – Cybersecurity Spring Cleaning Month

Cybersecurity Spring CleaningPreston and I discuss doing some cybersecurity spring cleaning. This podcast lists some areas of security you might not have considered while doing your spring cleaning–but you should. We cover software updates, public WiFi and its dangers, app security and private information, in-app purchases, saved credit card information, and webcam paranoia.

Don’t miss this important podcast that will help you prevent theft and protect your privacy.

Podcast details:

Length: 19:51 minutes. Format: MP3. Rating: G for all audiences.

Copyright 2017 SecurityNOW Open Source License: CC BY

March 2017 Week 2 – Week in Review

Security LeaksThis week Preston and I discuss Wikileaks and the CIA hacks, personal privacy, Consumer Reports’ new reviews that cover security, and a few other current topics. Preston and I offer our opinions on these current topics. If yours differ from ours, please contact us for an interview. We interview C-level executives, industry experts, and security professionals. We have some really exciting interviews coming up in the next few weeks that you won’t want to miss.

Podcast details:

Length: 20:06 minutes. Format: MP3. Rating: G for all audiences.

Stay tuned for our monthly topical podcast that covers Cybersecurity Spring Cleaning. That podcast will be available on March 15.