DrZeroTrust

Do the crazy valuations of companies help them or hurt them? Does big money in cyber security investing fix the problem? Why do some people continue to build businesses even after they cash out?

What can we learn from the game of golf and security strategy? What telemetry matters most? Do you practice right in cyber or in your golf game? What's your favorite course? And many more great golf analogies!

Is cyber insurance a rip off? What do insurance providers do to get out of paying their policy holders? Does cyberwar affect small businesses? Is everything of value to defend? Are humans really the biggest threat vector? Should you pay attention to a CISA advisory?

What is multi spectrum warfare? Is the US the global superpower anymore? How do state and local governments look at cyber versus federal? Will China maneuver in the next 2 years to prepare for a future war?

What does empathy really mean? How do you deal with the "brilliant jerk"? Where is the line on terminating an employee who endangers your business with bad cyber practices? Is the industry really more fair? What about sexism and privilege?

What do consumers really think about passwords? Can technology solve the problem of unsafe passwords? Where does the market go for better user access? Does cloud make a difference? And more on this episode.

Can I download and configure an SSI app during a live recording? Is SSI useful for the average consumer use case? How should we look at the combination of SSI and biometrics? Does this ultimately help kill the password?

Disinformation with lobsters? What about the Missouri Governor and "hacking" that website? Does the new ransomware plan make much difference? New threats in email from Microsoft and how do humans detect them?

How does he advise companies to select technology? What does he think about strategy? What is a non starter for him? How do board members look at cyber risk and technology expenses?

Richard Stiennon (the OG Curmudgeon) and I discuss investments and market dynamics in cybersecurity. He provides his views on a variety of topics and breaks down how he sees the market through his lens and vast experience. Check out his books and his insights on this space every chance you get!

Stealing secrets via PB&J? What is the MSSP market for ZT? When is hacking not hacking? Thoughts on the USAF Chief Software Officer's scorched earth letter, and more.

Cybersecurity awareness month at the White House, so what? Big dollars for ZT in the DoD, really? The demographics of cybercrime and what that means for the rest of us, and what about maritime cybersecurity?

Discussions on how a brand builder and designer worked to build one of the most successful brands in all of cybersecurity. How valuable is culture and leadership to a brand in the space? How do you "punch above your weight class" with marketing? And how much value is there in a simple, authentic message?

Discussions on how a big time CISO handles security for his organization. Getting executive buy in. What is a non-starter for solutions and vendors? How does his team select tooling? What is the most important thing for his global organization? These and other important questions in this episode.

Bad OPSEC on social media? Farmers COOP hit with ransomware? State government organization down for 4 months after "sophisticated" attack? What should you know about cyber insurance? Banking industry sees 1300% increase in attacks in 2021! 10 ways to avoid failing at ZT and more in this episode.

Are certifications worth it? Does school prepare the workforce for a career in cyber? What about K-12? How do we get better? What matters more being certified or time on the keyboard? Why do we have a shortage of cyber folks when the labor statistics say so many people are looking for work in technology?

Deepfakes are being used by scammers, now! What about the ZT study? Do you need more money for ZT? Is social media a valid threat vector?

Thoughts from a guy running a cyber security company on everything from growth, hiring, and how he keeps his company secure even though he knows they are a real target.

Is the new director of CISA doing the right thing? Do people really pay for ransomware keys? What about the T-Mobile hack? Is sorry good enough? What is the new method of ransomware that only encrypts part of a file?

A government and industry meeting on cyber at the White House? Why is cyber insurance such a crazy market sector? What do ransomware actors do when they get on a system? What should we learn from those tactics and how can we defend ourselves better?

Insights and knowledge with an expert on China, the CCP, and the motivations and tactics around cyber warfare operations.

MFA/2FA is no good? What about disinformation and propaganda with covid? Is your baby's camera vulnerable to the new compromise? And what do users actually think about going "around" security controls?

A conversation on Zero Trust with the person noted for coining the term and starting the ZT movement.

Was Blackhat worth the trip, no. What happens when you ransom a tractor? How big is the ZT market? Another hospital is shut down due to an attack, did patients die? What about JCDC?

Is ransomware a weapon? What do we do about these attacks? What is the task force doing about this? Do the folks on Capitol Hill get it? And that one time I got beat up by a bully...

Why does Jeff talk so fast? What's a solid 10 year prediction if there is such a thing? How should some of the major problems be solved? Will we all be unemployed after this podcast? Those items and more on this episode.

Masks everywhere at Blackhat? Why does Kaseya have a ransomware decryptor NDA? Why the lack of MFA in Twitter? Are we getting better at fixing vulnerable software? And What is the Ransomware Sheriff?

What is a Zero Trust Overlay Network? Why do people with British accents sound so smart? Is Zero Trust achievable with today's digital infrastructure? More on those topics and other interesting discussions on how to use SDN/SDP and what this all means for security practitioners.

Laws for critical infrastructure security and pipelines? A federal breach notification law? The US indicts for APT actors for hacking? An interview with a ransomware operator? Will NATO's condemnation of APT actions make a difference?

Art from @britive and Martin from @vubiquity talk about how they see access playing a key role in Zero Trust and discuss how they enable focused access controls in an on demand model.

A Congressional bill on Deepfakes? What about the trend in phishing and ransomware? Do APT nation state leaders care about our "requirements"? And what happens when a law firm sues a ransomware gang?

Some really great reports published recently on a variety of issues in cyber. Check it out.

Sandy has forgotten more about SDLC, AppSec and software security than most folks will ever know. I was very lucky to get to pick her brain for a few minutes on how this affects the software lifecycle, and discuss her thoughts on how we "shift left" on building secure code.

Some really great reports published recently on a variety of issues from leadership in cyber to how the SEC is getting involved in enforcing fines in this space. Check it out.

"Think like a hacker" with Tal Kollender from Gytpol. Check out her background and learn about what it's like to be a real woman in technology and how she looks at helping customers fix their issues and stop threats in their tracks.

Some finer points on a recent ZT EO and the new guidance, a rant on the issues that continue to plague organizations as ransomware gangs keep coming back, and my thoughts on the next generation of cyber folks coming into the workforce.

Some finer points on a recent ZT market publication, a rant on the issues that continue to plague organizations, and my thoughts on how SMB's should face this threat.

What should we think about with the most recent ransomware hacks and are we doing enough nationally to counter this threat? Also how can or should Zero Trust be part of this conversation, and what can a person in a leadership position do when faced with guaranteed failure?

This session I interviewed my intern. We talked about how our generation (the old guard) can help bring the next generation of cyber security pro's into the workforce and about how we can help them be interested and engaged during their work.