RSAC

Do This, Not That! How Remote Workers Can Secure Home Networks
Yes, there are enterprise tools security teams are using to mitigate the vulnerabilities of a remote workforce, but with all the connected devices in a given home, they need the help of their employees. In this podcast, we will talk with consumer-facing security pros who can provide steps your remote workforce can take to shore up their home networks, making their homes and your business less vulnerable to cyber attacks.

Finding Balance Between Surveillance & Safety
As countries across the globe work through various phases of opening and trying to return to a new COVID-19-tinged normal, contact tracing is a core tenet of many plans. The slippery slope from providing data to authorities to understand if shelter at home guidance is being followed to potentially using this data to alert individuals to potential exposure can serve a short term good for public safety measures, but this data is persistent, so what are the longer term downsides to increased surveillance activities? Who is the custodian of this data? How might it be utilized? How should it be governed? The many new shades of grey that have emerged in the last few months will be explored in this podcast.

Finding Balance for Cybersecurity Pros
Life can be downright overwhelming at times. With the stress of work and home life, one’s personal well-being can often take a back seat—but it shouldn’t. When you’re not sleeping well or sleeping at all, it has a dramatic effect on your job performance and your overall mood. Join us in this open and frank discussion of why cybersecurity professionals need to take a step back and evaluate their own physical and mental health in order to find balance.

Will You Emerge as a Leader in Your Organization by Enabling Innovation?
Right now we are in what Matthew Chiodi, CSO Public Cloud, Palo Alto Networks, calls the Opportunity Zone. There is a temptation when events like this happen to be narrowly focused on just keeping the lights on. The Opportunity Zone presents three unique opportunities: time to reflect, time to transform and time to experiment. In this podcast, Chiodi will dive a little deeper into how you can take advantage of the Opportunity Zone in order to enable innovation and emerge as a new leader in your organization.

Communications Tips for Managing an Incident
When managing an incident, communication is critical. In this podcast, Kim Albarella, Senior Director, Global Security Organization Security Advocacy at ADP, will share tips for efficient and effective communications. We’ll also discuss what lessons ADP has learned through the pandemic and how businesses can apply those lessons to their future crisis and incident response plans.

How to Deal with the Security Challenges of Disruptions in Supply Chain
Supply chains are disrupted across all industries, which makes for back-ordered webcams and many other products being unavailable. But what happens when mission-critical services completely go down? What are the cybersecurity challenges that organizations have been faced with because of the impact of the global pandemic, and how can security teams deal with these challenges?

How a Global Crisis Changes the Threat Landscape
Threats evolve and change, but many of the threats in the attacker’s playbook are hardly new. They have been around for a while. What has changed in recent weeks is the threat landscape, but why and how? In this podcast we will look at how a global crisis can change the threat landscape and how industries can work together to effectively navigate those changes.

Incident Response Analysis vs. Automation: What Matters Most Right Now
Across all sectors, security teams are dealing with an increased number of incidents. In our latest podcast, Tim Bandos, Vice President, Cybersecurity at Digital Guardian and Jennifer Ayers, VP, OverWatch and Security Response at CrowdStrike discuss what you can do right now to improve incident response, specifically when working remotely.

Perspectives on the Times with RSAC AdBoard Members
RSA Conference Advisory Board members Todd Inskeep and Caroline Wong weigh in on security implications/risks of working fully remotely, the rise of misinformation and phishing campaigns, and the impact that these challenges are having on the mental health of security teams.

Revisiting Mobile MFA Madness to Improve Device Hygiene and Integrity Challenges
Industry leaders across the globe joined together at RSA Conference 2020 to talk security. During one of those talks, Mobile MFA Madness: Mobile Device Hygiene and MFA Integrity, the presenters demonstrated how easy it is to compromise mobile authenticator apps. Then the world went mobile—with employees either working remotely on corporate devices or accessing corporate assets on their own mobile devices. In this podcast, we will revisit the topic and look at how the current cybersecurity challenges and disruptions in supply chains are impacting mobile.

Humans and technology. A complicated—and fascinating—pair.
Not surprisingly, the Human Element was a theme that everyone could relate to at RSAC 2020. And it’s a conversation that’s just beginning. In this podcast, Britta Glade and Hugh Thompson talk to behavior expert Alexander Stein, PhD, and Auto Club Group CISO Gopal Padinjaruveetil about the symbiotic relationship between humans and technology—and what it portends for the future of cybersecurity.

The Most Memorable Moments from RSAC 2020 USA
What were some of the standout moments and most buzzworthy topics from RSAC 2020? Find out as Britta Glade and Hugh Thompson weigh in during this podcast that was recorded in the midst of all the Conference action.

Growing Developer Challenges Spur New RSAC Tracks
RSAC is where the world talks security—and it’s a conversation that evolves each year based on the needs of the cybersecurity community as a whole. A timely example of this is the debut of two new tracks at RSAC 2020: product security and open source tools. In this podcast, Britta Glade talks to Rockwell Automation’s Megan Samford and SecurityCurve’s Ed Moyle about the latest software development issues that helped fuel the creation of these tracks.

Threats of Surveillance Tools: Spyware and Stalkerware
Sit in on a fascinating discussion with David Ruiz and Diana Freed, two security professionals who are passionate about the threats posed by surveillance tools, particularly spyware and stalkerware. They’ll describe the work they’ve been doing independently and collaboratively to help protect victims and their personal data from unwanted surveillance.

Security Coming Together: The Convergence of IT and OT
While physical security has traditionally reigned supreme within the industrial and manufacturing sector, disruptive attacks such as NotPetya demonstrate the need to adapt IT security best practices to an OT environment. In this podcast, Britta Glade talks to Johnson & Johnson’s Roy Gundy and Rockwell Automation’s Dawn Cappelli about how CISOs and OT cybersecurity leaders can work together to create a converged security program.

Hey Google, Activate Spyware
In today’s digitally connected world, security vulnerabilities can literally pop up in a flash. In this podcast, Britta Glade talks to Checkmarx’s Erez Yalon about how he and his team discovered an Android camera app vulnerability that could allow hackers to access videos and photos—and even spy on users.

Diversity’s Indispensable Role in Cybersecurity’s Future
As cybersecurity continues to encompass more areas of our lives, the value of different perspectives becomes increasingly clear. In this podcast, Britta Glade and Hugh Thompson talk to KnowBe4’s Perry Carpenter and cybersecurity consultant Prudence Smith about the benefits of a diverse workforce—not only for individual companies, but for the industry as a whole.

Incident Response: Debunking the Myths and Misconceptions
Though incident response (IR) is a key component of any cybersecurity protocol, it’s also surrounded by misconceptions that give rise to a number of questions. Are a security event and incident the same? Will machines soon outperform humans in the arena of IR? Are threat actors truly that much more advanced? To help separate fact from fiction, Britta Glade and Hugh Thompson turn to Kristy Westphal, VP, CSIRT, Union Bank, and Robert Lee, CEO, Dragos, Inc.

Mitigating 5G Security Risks
The fast-approaching 5G revolution will bring fundamental changes—many of which give rise to a whole new world of security challenges. In this podcast, Britta Glade talks to Hotshot Technologies’ Aaron Turner and special counsel Randy Sabett about how organizations can best mitigate these risks.

Insider tips for RSAC 2020 Speaker Proposals
Have an area of expertise that can benefit other cybersecurity pros? In this RSAC podcast, Britta Glade and Hugh Thompson share how to submit a speaker proposal that will stand out during the selection process.

Highlights from RSA Conference 2019 APJ
With such a packed agenda at RSAC 2019 APJ, you might be wondering if you missed something significant. The good news is you can catch up on the trends and topics that had everyone talking when you listen to our podcast—recorded live at Conference.

Security Hygiene Gets a Refresh in the Wake of Baltimore's Cyberattack
The City of Baltimore’s recent ransomware incident not only caught government servers by surprise. It also jolted the industry as a stark reminder that cyberattacks can still occur where and when they’re least expected. Not the most comforting prospect—but are there constructive takeaways to be gleaned in the aftermath? Helping us uncover these silver linings are Duo Security’s Wendy Nather and LEO Cybersecurity’s Andrew Hay. Some of the topics to be covered in this podcast include:
• How the Center for Internet Security’s Top 20 Critical Security Controls remains an effective guide for preventing cyberattacks—regardless of a company’s security budget
• The importance of educating all employees on the need for good cyber hygiene habits
• Taking a first-responder approach to dealing with a cyberattack, such as immediately bolstering IT staff
Related links:
https://www.colorado.gov/pacific/dhsem/atom/129636
https://www.cisecurity.org/controls/cis-controls-list/
https://sightlinesecurity.org/

Can Cryptography Save Our Elections?
It’s a key component of Microsoft’s new ElectionGuard. And as the world becomes increasingly hyperconnected, cryptography will be called upon to protect much more than our votes. In this podcast, Britta Glade talks to Microsoft Research’s Josh Benaloh and NIST’s Matthew Scholl about applied cryptography’s expanding role.

GDPR: Where We Stand and What's to Come
GDPR is not even a year old but in that short time, it’s dramatically changed how companies handle and are held accountable for the data they use. But beyond companies, the main purpose of GDPR was to protect and empower consumers. So, how well is it working? With the help of Bree Fowler, Technology Writer at Consumer Reports and John Elliott, Data Protection Specialist, this month’s RSAC Podcast focuses on how GDPR has impacted consumer expectations and their willingness to share personal information. During the episode, our experts will answer these questions and more:
• When it comes to understanding a company’s privacy policies, what responsibility does the consumer assume?
• Are there situations where consumers should push back and ask for more diligent privacy and data use regulations?
• How much information is “appropriate” for companies to gather from their users?

Highlights from RSA Conference 2019 USA
Britta Glade and Hugh Thompson talk about their take on highlights from the week at RSA Conference 2019.

Bridging the Gap at RSAC 2019: Cybersecurity + Public Interest Tech
As cybersecurity seeps deeper into so many areas of our lives, it’s more important than ever for technology creators and policy makers to work together for the benefit of society as a whole. That’s the backdrop for our new track at RSAC 2019, Bridging the Gap: Cybersecurity + Public Interest Tech, brought to you in partnership with Bruce Schneier and the Ford Foundation. In this podcast, Britta Glade talks to Bruce and the Ford Foundation’s Jenny Toomey as they discuss some of the topics that will be covered during the day-long track, including how cybersecurity and social progress are becoming increasingly intertwined—and how infosec professionals can contribute to positive change both individually and collectively.

RSAC 2019 CISO Boot Camp
Get a head start on Boot Camp with our CISO-focused February podcast episode. In it, RSAC CISO Boot Camp speakers, Dawn Cappelli, VP Global Security and CISO of Rockwell Automation, and Tim Callahan, SVP of Global Security and Chief Security Officer of Aflac Inc., will share their vision for RSAC CISO Boot Camp and preview topics that’ll be covered in March.

Our Own Worst Enemy: Tackling the Social Engineering Problem
As it turns out, the weakest link in any cybersecurity solution is…us. More than ever, hackers are using a variety of social engineering scams designed to fool people into giving up personal information voluntarily. So how do you protect us from ourselves? Join hosts Britta Glade and Hugh Thompson and their guests Ira Winkler of Secure Mentem and Lance Hayden of Elligo Health Research for a wide-ranging discussion on what to do about the human problem, including establishing protocols, creating a Human Security Officer position and more.

Speaking of the Future: InfoSec Trends for 2019
Every year, RSA Conference receives hundreds of submissions from potential speakers. It’s the job of the RSAC Program Committee to examine every submission. Taken as a whole, these submissions form a fascinating view into the trends that will affect the industry in 2019 and beyond. In this podcast, you’ll hear from six Program Committee members as they discuss the trends they discovered that will be most relevant to you in the coming year.

Getting employees on board with cybersecurity awareness
In the 15 years since cybersecurity first received an October shout-out, technology has grown in leaps and bounds. But one thing that’s remained constant? The vital role that humans play in not only creating these advancements, but in driving their success and—often unknowingly—contributing to their limitations. In this episode, we talk with two awareness experts who share how best to secure our most important infosec asset: people. Some of the topics that we’ll cover include:
• What are the core tenets of awareness training beyond phishing warnings?
• What do you say to an IT team that believes it can code its way to complete safety?
• How do you persuade employees to pay attention to cybersecurity—especially those who are working remotely from home networks?

Shining a Light on Infosec Futures
What are some career tips for future cybersecurity professionals? Get the answers as Britta Glade talks with Founder and Managing Director, Ursus Security Consulting LLC, Kim Jones and Stanford University student Maggie Engler.

Technology trends to keep on your radar
Britta Glade and Dr. Hugh Thompson delve into the latest cybersecurity technology developments with Microsoft’s Diana Kelley and Denim Group’s John Dickson. Topics to be covered include:
• What is data gravity and how can it help analysts in the SOC/CDOC?
• How can security strategies be adapted for DevOps application developments?
• What are the advantages of using a layered machine learning (ML) model over a single ML?
• Are humans in danger of being replaced by artificial intelligence?

The ABCs of prioritizing cybersecurity. Emphasis on C.
Britta Glade and Hugh Thompson talk with State of Colorado CISO Deborah Blyth and Oracle CSO Mary Ann Davidson about the relationship between cybersecurity and the C-Suite—and the repercussions when the two go their separate ways.

Words That Have (Cybersecurity) Consequences
Britta Glade and Hugh Thompson interview IBM Security’s Etay Maor and Symantec’s Dr. Saurabh Shintre about their upcoming artificial intelligence and blockchain seminars at RSAC 2018 Asia Pacific & Japan.

NIST Cyber Security Framework
Tasked with creating a cybersecurity policy framework, the National Institute of Standards and Technology (NIST) had its work cut out for it—and then some. After all, it’s one thing to agree that organizations and the nation’s critical infrastructure need to be protected. And another to find common ground on how best to proceed. In this episode, we take a look at how the NIST Cybersecurity Framework was born, and where it’s headed once the recently drafted—and more user friendly—updates go into effect. Some of the topics we cover include:
• To what degree are both the public and private sectors guided by the Cybersecurity Framework?
• In what ways does the Cybersecurity Framework address various technologies such as IoT?
• How does the Cybersecurity Framework weigh in on the challenges specific to vertical industries?

Securing Government and National Infrastructure
Cybersecurity has come a long way. But unfortunately, with every bit of progress the industry makes, threats and risks are never far behind. Especially now, in the midst of a turbulent political atmosphere, cyberattacks put everything from personal data to personal liberties at stake, leaving our government to address the biggest uncertainty of all: where do we go next? Join hosts Britta Glade and Hugh Thompson, along with guests Jason Healey, a senior research scholar at Columbia University’s School for International and Public Affairs, and Dmitri Alperovitch, co-founder and CTO of CrowdStrike, as they team up for our newest RSAC podcast episode. Topics covered will include:
• What does today’s threat landscape look like and how can we address its many challenges?
• Have there been changes in breakout time and speed of adversary activity within compromised networks and what does that mean for future security priorities?
• How can infosec professionals engage Boards and other governing bodies in discussions of cybersecurity policy?
• What challenges are unique to protecting critical infrastructure?

An Inside Look at Highlights from RSA Conference 2018 USA
Britta Glade, Curator and Director, RSA Conference and Hugh Thompson, Program Committee Chair, RSA Conference

RSAC Interview With Tim Jenkin
Davi Ottenheimer, of MongoDB, interviews Tim Jenkin, winner of the Excellence in Humanitarian Service award at RSA Conference 2018.

Innovation
Here’s something to ponder: In an alternate universe, where would cybersecurity be today without the continuous pursuit of innovation? While we can only guess, one thing is pretty certain. Cyberattackers would be a lot happier in that universe than they are here. In this episode, we take a look at multiple aspects of industry growth—from revenue and investments to tech advancements and opportunities. Some of the topics we cover include:
• What investment strategies are VCs employing in 2018, and how do they differ from previous years?
• What criteria should buyers consider in choosing startups to add to their security portfolios?
• Based on where the industry is headed, what new and exciting developments can we expect at the RSAC 2018 Early Stage Expo?

AppSec and DevOps
What do AppSec and DevOps have in common besides two-syllable monikers? A lot. Which is why their importance—especially from a risk management and compliance perspective—has not gone unnoticed. Nor has their ability to learn from each other along the way. In this episode, we talk with two guests who draw on their very relevant experiences to weigh in on where AppSec and DevOps are situated today and where they’re possibly headed in the future. Some of the topics we cover include:
• With a variety of threats slipping through a growing number of cracks, is threat modeling at speed a viable solution?
• What skill set is needed for secure coding, and should companies be responsible for ensuring these skills are met?
• What is the single greatest impact that DevSecOps is having within organizations?

Privacy and Smart Cities
It used to be that cities set themselves apart based on population density, cultural attractions and historical significance. But intelligence? Welcome to the intersection of modern living and the Internet of Things. In this episode, we’ll be talking with two guest speakers who weigh in on whether smart cities have rescinded the welcome mat for privacy. Take a look at some of the topics we’ll be covering:
• Given how much smart cities “know” about us, can individual and company privacy still be protected?
• What steps should corporations take to safeguard all the data they are gathering on smart city citizens?
• What are the privacy implications of inviting smart assistants like Alexa and Siri into our homes?

Spectre And Meltdown
It’s never good news when potential security exploits are detected. But when they affect all personal computers, mobile devices and cloud infrastructure dating back to 1995, it creates a problem of a whole new magnitude. In this episode, we’ll be talking with Paul Kocher, the researcher credited with co-discovering Spectre and a co-author of the Meltdown research paper. Some of the topics that we cover include:
• How did these vulnerabilities happen, and why were they not detected sooner?
• Did the rush to bring technology to market play a role in allowing these exploits to slip through the cracks?
• What are the main concerns to look out for—both as an individual and as a CISO?

Hackers and Threats
The holiday season is upon us. And our gift to you? An insider look at the potential threats and countering strategies that could have the greatest impact, for better or worse, in 2018. In this year-end episode, we talk with two cybersecurity luminaries who weigh in on the latest trends as part of a word game. Sound too fun to be enlightening? We promise you’ll learn as much as you’ll laugh. Some of the topics that we cover include:
• Does threat intelligence sharing have a future now that IOCs are no longer relevant?
• Will NotPetya--a new class of attack that allowed only seven seconds to respond--be replicated?
• How can we help build the next generation of cybersecurity talent to carry on the battle?

Security Operations and Strategy
People, process, and technology. It’s an interlocked trio that’s vital to most organizations today. And when there’s a shift in security operations or strategy, all three will feel the jolt. In this episode, we’ll be talking with two guest speakers who draw on their firsthand experiences to share must-do and avoid-at-all-costs security operations and strategy advice. Some of the topics that we’ll cover include:
• Skills that are most needed for today’s security operations and analyst roles
• Differentiating between product security and IT security
• How to adapt security operations and architecture for public cloud deployments

Cybersafety
Big numbers have a way of getting our attention. And in the case of recent data breaches, they’re eye-poppingly notable. According to Gemalto, 1.9 billion data records were exposed in the first half of 2017—which equates to 122 records exposed every second in breaches worldwide. In this episode, we’ll be talking with two guest speakers whose cybersafety sessions drew some of the highest scores at RSA Conference 2017. Some of the topics that we’ll cover include:
• Are data breaches getting worse, and if so, why?
• How do you best measure security awareness?
• What role do positive incentives for employees play in keeping data safe?

Technology and Security
What’s the good, the bad and the future of the increasingly close relationship between technology and security? Find out as Ben Jun, CEO, HVF Labs, and Ed Amoroso, CEO, TAG Cyber, share the latest insights into the technology development process.

Equifax Breach
What exactly happened? And how can you best protect yourself? Get answers to these questions and more as Lance Spitzner, Director at SANS Securing the Human, weighs in on the data breach affecting 143 million Equifax users.

Professional Development
You know “Must See TV”? Well, this is a must-hear podcast. This episode is focused on professional development, and we’ll be talking with two guest speakers who have very different backgrounds but share a strong commitment to growing the infosec profession. Some of the topics that we’ll cover include:
• How we can help develop future cybersecurity aspirants to fill in the current worker-shortage gaps, knowing that purple unicorns remain elusive
• How cybersecurity as a profession has changed over the past 10 years, and what to expect moving forward
• How contributing to the community and giving back helps shape and enhance your professional development

Policy and Government
Our first episode focuses on policy and government regulations in information security, including:
• How the Cybersecurity Framework (CSF) is holding up against the recent wave of attacks
• Strategies for keeping up with regulatory CSF changes
• Positive and negative aspects of government involvement in cybersecurity

StoryCorps @ RSAC: Keep Our Eyes On the Horizon
There are more chips being made than there are people on the planet now, Paul Kocher, President and Chief Scientist of the Cryptography Research Division of Rambus, tells RSA CTO Zulfikar Ramzan in this StoryCorps @ RSAC podcast. Technology evolves so quickly that we don’t even know what challenges and threats we may face from what we’re developing now. “To me information security has to co-evolve with the development of information technology,” Ramzan says. “To me this is part of a longer journey with many, many interesting factors.” How can we always keep our eye on the horizon and make sure we are implementing the fundamentals? Where do the challenges of the future lurk, and where can we find inspiration and optimism in the face of adversity? You can hear more of their conversation here.