Nerd Out Security Panel Discussion: EP 29. Bringing in Fall with the Hottest 50 and security news
In the latest episode of Nerd Out, Dave, Bridget, and Joe are together again and catch up on all the summer happenings to include an update on Bridget's ever-exciting news. The Nerd Out crew then turns to another list and talk about the significance and importance of the Homeland Security Today Hottest 50 list. Bridget gives some of the background on the list and some of the criteria that brought the list together while Dave and Joe were left to wonder if they might be on the list next year. Next, the gang talked about venue security and how the big summer season went relatively smoothly and what that could mean for the fall season and the upcoming significant events and holidays. Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
September 18, 2022
The Risk Roundtable EP 33: Making the list and threat over/unders
The latest episode of the Risk Roundtable brings a familiar voice to talk about the impact of her work. Homeland Security Today Managing Editor Bridget Johnson joins Andy, Jen and Dave to talk about her addition to "The List" - an accelerationist "hit list" based on her work on rooting out extremism and their propaganda. Bridget talks about the dual edged sword of safety while also knowing that her work is hitting the right spots with these hate-based actors. After Bridget left to handle matters connected to this threat, Dave, Andy, and Jen talked about the Multi-Factor Authentication and how it's important to implement but to also take appropriate care. Finally Dave took control and led the Roundtable through a new game of "Over-rated / Under-rated / Properly Rated". The team assessed where three security threats were rated and the reasons why. Andy finished things off with three questions that included Alf, Matthew McConaughey, and word association. Some of the topics discussed in this episode include: 0ktapus campaign: Twilio, Cloudflare, and over 130 more victims discovered by Group-IB: https://www.group-ib.com/media/0ktapus-campaign/ The Human Factor Report: https://www.proofpoint.com/us/resources/threat-reports/human-factor
August 29, 2022
The Gate 15 Interview EP 26. Bill Flynn, Homeland Security Expert on Threats, Preparedness, DHS, the Yankees and More!
In this episode of The Gate 15 Interview, Andy Jabbour speaks with William (Bill) Flynn, the president of Garda Risk Management LLC, specializing in homeland and national security policy and operations with a focus on critical infrastructure security and resilience. Bill is a highly-sought after homeland security expert and is also a partner in The Power of Preparedness (TPOP) an e-learning company that goes beyond stand-up training to provide strategy and tactics to mitigate workplace violence and active assailant threats. He also serves on the board of the Faith-Based Information Sharing & Analysis Organization (FB-ISAO). Bill has served as a Senior Fellow at the George Washington University Center for Cyber & Homeland Security and was among the original leaders at DHS, where he served in a number of key leadership positions and including as the Principal Deputy Assistant Secretary of the Office of Infrastructure Protection (since renamed within what is today, CISA), where he led the coordinated national effort to reduce risk to our nation’s critical infrastructure. Read Bill’s complete bio below! Follow Bill on LinkedIn! Follow The Power of Preparedness on LinkedIn! Follow The Power of Preparedness on Twitter! @TPOPtraining In the discussion we address: Bill’s career of public service including time in the U.S. Navy, with the NYPD, and at DHS Bill’s ongoing work leading Garda Risk Management and with The Power of Preparedness · Threats, hostile events, behavioral indicators and preparedness Executive security and organizational risk and mitigation Creating a culture of security, the cost of preparedness vs. the costs of recovery, and the “three C’s” The Yankees, national monuments and icons, and much more! A few references mentioned in or relevant to our discussion include: The Power of Preparedness: Online Training for Active Shooter Preparedness & Verbal De-Escalation Customized for Your Industry or Organization The Gate 15 Hostile Events Preparedness Series (HEPS) and The Power of Preparedness (TPOP) Faith-Based ISAO & TPOP Get the White Paper! The Hostile Event Attack Cycle (HEAC), 2021 Update. NCTC, FBI & DHS: U.S. Violent Extremist Mobilization Indicators 2021 Critical Infrastructure Threat Information Sharing Framework A Reference Guide for the Critical Infrastructure Community, October 2016 PERSPECTIVE: Mass Shootings Are a Homeland Security Risk; Change starts with an accounting that what has been done – much of it laudable – has not been sufficient to the challenge. (Bill Flynn and Bob Kolasky, in Homeland Security Today, 11 June 2022) The crisis after the crisis: What grocers can expect after an active shooter incident. Food retail managers should be prepared to handle external communication and support for victims and their families in the aftermath of violence, writes security expert William Flynn. International Association of Venue Managers (IAVM) FMI - The Food Industry Association The Restaurant Loss Prevention & Security Association (RLPSA) Homeland Security - Office for Bombing Prevention (OBP) Homeland Security - Protective Security Advisor (PSA) Program Homeland Security - Regional Resiliency Assessment Program (RRAP) On Executive Security, Bill and Andy discussed outspoken leaders and Andy shared comments made by Whole Foods CEO, John Mackey in this recent interview: Whole Foods' John Mackey (Reason, 10 Aug 2022) Gate 15 resources pages Faith-Based Information Sharing & Analysis Organization Advisory Board
August 22, 2022
Nerd Out Security Panel Discussion: EP 28. The Nerd Out Two-Third of the Year Awards
In the latest episode of Nerd Out, Dave goes solo and tackles security awards at the two-thirds part of the year. Looking at the important security issues or challenges of the year, Dave goes through a series of award tied to various pop-culture references before arriving at his two-thirds of the year MVP, if there really is a doubt. Then Dave transitions to a new security book he's reading and a couple shows that are on his list. Enjoy the show! Book mentioned: The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer
August 17, 2022
The Cybersecurity Evangelist: Ep 21 – Who Really Needs to Know When You’re OOO (Out-of-Office)?
TCE is back with another travel-related PSA. In episode 21, it’s another monologue and travel-related public service announcement – this time on the risk of automatic out-of-office notifications.
August 10, 2022
The Risk Roundtable EP 32: A true all-hazards discussion - cannabis, the Hard Reset, cyber, and monkeypox!
Ben Taylor, Executive Director of Cannabis ISAO, channels his inner Wolverine and makes his third stop on the Gate 15 podcasts as he joins Andy to talk about all things Cannabis as well as the collaborative effort to publish a joint security analysis around the Hard Reset. Dave then joins Andy to talk about recent cyber reporting and the value that they provide to organizations as they go beyond the numbers. Ensuring the episode hits key all-hazards, Andy and Dave discuss monkeypox and the lessons that can be applied from COVID that can help individuals and organizations make responsible, risk-informed decisions. Cannabis ISAO: Cannabis MSO Shares Cyber Threat Report: https://cannabisisao.org/2022/07/directors-cut-july-1-2022/ Risky Biz News, with Catalin Cimpanu (everyone with interests in cybersecurity should be subscribed to this), from 06 Jul 22: https://riskybiznews.substack.com/p/risky-biz-news-china-faces-its-first Cannabis ISAO on the Hard Reset: https://cannabisisao.org/2022/07/directors-cut-july-15-2022/ Andy’s tweet on the Hard Reset report: https://twitter.com/andyjabbour/status/1550252329378713602?s=21&t=Kbwk6HAVKIkKf7xGrRUXrQ Gate 15 White Paper: The Hostile Event Attack Cycle (HEAC), 2021 Update: https://gate15.global/white-paper-the-hostile-event-attack-cycle-heac-2021-update/ Nerd Out Security Panel Discussion: EP 27. The Hard Reset and Uvalde. https://gate15.global/nerd-out-security-panel-discussion-ep-27-the-hard-reset-and-uvalde/ Cannabis ISAO website: https://cannabisisao.org Cannabis ISAO blog and Director’s Cut posts Ben’s previous pods Nerd Out Security Panel Discussion: EP 13. Cannabis ISAO! https://cannabisisao.org/home/blog/ The Gate 15 Interview: Ben Taylor, on Cannabis ISAO, Cannabis Industry security, cybersecurity, rescue dogs and more! Monkeypox WHO Director-General's statement at the press conference following IHR Emergency Committee regarding the multi-country outbreak of monkeypox - 23 July 2022 CDC Monkeypox Statement from Raj Panjabi, Director of White House Pandemic Preparedness Office, on World Health Organization Declaration on Monkeypox FACT SHEET: Biden-Harris Administration’s Monkeypox Outbreak Response IBM Cost of a Data Breach Report Proofpoint State of Phish Report SEKOIA.IO Mid-2022 Ransomware Threat Landscape ENISA Ransomware: Publicly Reported Incidents are only the tip of the iceberg & ENISA Threat Landscape for Ransomware Attacks. Kim Milford, Executive Director, REN-ISAC interviewed in How Are K-12 and Higher Education Faring Against Ransomware? Andy’s thread with KELA and noting The Record: Ransomware group demands £500,000 from British schools, citing cyber insurance policy The Gate 15 Interview: Amanda Berlin and Megan Roddie talk cybersecurity, mental health hackers, DEFCON, musicals, fruits, and more! Homeland Security Today: hstoday.com
August 02, 2022
The Gate 15 Interview EP 25. Amanda Berlin and Megan Roddie talk cybersecurity, mental health hackers, DEFCON, musicals, fruits, and more!
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Amanda Berlin and Megan Roddie, cybersecurity leaders & mental health hackers, and they’ve got their hands in a lot more too! Amanda is the Lead Incident Detection Engineer at Blumira and has worked in I.T. for almost her entire adult life. Before working at Blumira, Amanda’s responsibilities have included infrastructure security, network hardware and software repair, email management, network/server troubleshooting and installation, purple teaming with a focus on phishing employees and organizational infrastructure as well as teaching employees about security and preventing exploits. She currently serves as the Chief Executive Officer for Mental Health Hackers and is the co-host of the Brakeing Down Security Podcast (BrakeSec Podcast, @brakesec)! Megan is a Senior Security Engineer at IBM, Co-Author of SANS FOR509 and has worked in cybersecurity since graduating from Sam Houston State University (and while she was still a student!). Previous roles have been with the Texas Department of Public Safety, Recon InfoSec, and with IBM’s X-Force. She currently serves as the Chief Financial Officer for Mental Health Hackers. Megan is also a Muay Thai fighter and coach. Follow Mental Health Hackers on Twitter! @HackersHealth Follow Amanda on Twitter at @InfoSystir and on LinkedIn and follow Blumira on Twitter! Follow Megan on Twitter at @megan_roddie and on LinkedIn. In the discussion we address: Amanda & Megan’s backgrounds and origin stories Awesome tips for breaking into security! DEFCON and how to score a free breakfast at DEFCON!! Mental Health Hackers The Brakeing Down Security podcast Muay Thai, Musicals, Apples & Bannanas! Fruits, music and so much more! A few references mentioned in or relevant to our discussion include: Mental Health Hackers website Mental Health Hackers on Twitter! @HackersHealth Amanda on Twitter at @InfoSystir and on LinkedIn. Megan on Twitter at @megan_roddie and on LinkedIn. Tom Williams on Twitter: @ginger_hax Amanda’s InfoSec Staples tweet - https://twitter.com/infosystir/status/972906318875983873?s=21&t=CCp0CmDgDcZXQVWtnpEXEA Blackhat USA 2022 - https://www.blackhat.com/us-22/defcon.html?_mc=sem_bhus_sem_bhus_x_tspr_Google_defcon30_bhusagcompetitvedefcon30_2022&gclid=Cj0KCQjwn4qWBhCvARIsAFNAMihsrClH8Aygi2UnTsbSus3teDdktlK2NiamBzyAORwM5nHcaE4pynwaArHkEALw_wcB DEFCON 30 - https://defcon.org 10th Annual Brazilian Jiu-Jitsu Smackdown. A Brazilian Jiu-Jitsu event for information security professionals hosted by Jeremiah Grossman during Black Hat and Defcon - https://www.eventbrite.com/e/10th-annual-brazilian-jiu-jitsu-smackdown-tickets-348058561527 Amanda’s Book! Defensive Security Handbook: Best Practices for Securing Infrastructure (1st Edition) - https://www.amazon.com/Defensive-Security-Handbook-Practices-Infrastructure/dp/1491960388 Megan’s SANS Course! FOR509 Course Update - Introducing Google Workspace, the Multi-Cloud Intrusion Challenge - https://www.sans.org/blog/for509-course-update---introducing-google-workspace-the-multi-cloud-intrusion-challenge-and-more/
July 25, 2022
Nerd Out Security Panel Discussion: EP 27. The Hard Reset and Uvalde
In the latest of Nerd Out, Bridget and Dave talk about all things extremism with the most recent publication of "The Hard Reset" as well as the latest accelerationist document "Make it Count". Specifically they discussed: the contents of the documents, the wide ranging themes, the targets mentioned tactics and techniques, how this information could be used, what organizations can do the recent joint product with contributors from multiple ISAC / ISAO, partners, and agencies Then Dave and Bridget talked through the Uvalde school shooting and the recent lessons learned report from the Texas House of Representatives and how organizations can use the report to review their own security as well as avoid some of the issues identified. Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
July 22, 2022
Risk Roundtable EP 31: A 4th of July Security Mindfulness Special
On America's Independence Day, Andy and Dave pulled up to discuss the latest security challenges organizations face. Starting with the recent Copenhagen incident, they talked continued a previous discussion about the noise surrounding hostile events and how they distract from the real issues. Working back to the hostile events attack cycle, Andy brought up the numerous resources, many low-cost, that organizations can leverage as they continue to build out their state of preparedness. Dave and Andy also talked about drones, their continued risk, as well as the latest efforts by the U.S. government to start to address the risk. Finally, the roundtable talked about weather events and wildfires to round about the holiday special. And even though Jen was enjoying much deserved time off, Andy made sure to bring up cyber related threats and items of interest. But no episode is complete without Andy's three questions. This month, they talked about Obi Wan (and Star Wars in general), music, and 4th of July memories! Links to items discussed in the episode include: Copenhagen shooting: Shopping mall gunman charged with murder (BBC, 4 July 2022) https://www.bbc.com/news/world-europe-62034089 Andy’s Tweet on conspiracy theories https://twitter.com/andyjabbour/status/1543935473088925697?s=20&t=5L8OF3My0RCPxfC5ZEBibg Gate 15 White Paper: The Hostile Event Attack Cycle (HEAC), 2021 Update https://gate15.global/white-paper-the-hostile-event-attack-cycle-heac-2021-update/ Run. Hide. Fight. (FBI) https://www.fbi.gov/video-repository/run-hide-fight-092120.mp4/view Run. Hide. Tell. (UK) https://www.npcc.police.uk/StaySafeAssets/FINAL%20MPS168715%20Run%20Tell%20Hide%20A5%20Lflt%20Blk%20Eng%20v3.pdf Gate 15 Resources Pages https://gate15.global/resources/ Faith-Based ISAO Resources Pages https://faithbased-isao.org/resources/ What's YOUR Plan, by James DeMeo on Amazon https://www.amazon.com/Whats-YOUR-Plan-James-DeMeo/dp/099892864X Andy’s Tweet on his time discussing Hostile Events, Active Shooter and De-escalation at Loudoun Hunger Relief/@LoudounHunger. https://twitter.com/andyjabbour/status/1542876302058946571?s=20&t=YbaxIcwp_-rArFWa2WSWRg Andy’s Tweet on Outlook Rules https://twitter.com/andyjabbour/status/1543668162780139520?s=20&t=YbaxIcwp_-rArFWa2WSWRg White House, FACT SHEET: The Domestic Counter-Unmanned Aircraft Systems National Action Plan (25 April 2022) https://www.whitehouse.gov/briefing-room/statements-releases/2022/04/25/fact-sheet-the-domestic-counter-unmanned-aircraft-systems-national-action-plan/ A Drone Tried to Disrupt the Power Grid. It Won't Be the Last; An attack attempt in 2020 proves the UAS threat is real—and not enough is being done to stop it (Brian Barrett/@brbarrett in WIRED, 25 Nov 2021) https://www.wired.com/story/drone-attack-power-substation-threat/ Drone shows instead of July 4 fireworks? More Colorado communities are making the switch for fire safety (Matt Bloom, CPR News, 01 Jul 2022) https://www.cpr.org/2022/07/01/july-4-fireworks-drone-shows-wildfire-risk-colorado/ “Singles” soundtrack info on Wikipedia and listen on Spotify https://open.spotify.com/album/58BEJ01sL8wK5LV3TPyngC?si=wQzLq88lSx6iuQDurXsvhA&nd=1 “No Woman. No Cry.” From The Office via Yarn, and the legendary song by Bob Marley & The Wailers (1974) https://open.spotify.com/track/3PQLYVskjUeRmRIfECsL0X?si=5159bc1a07484b29&nd=1
July 04, 2022
The Gate 15 Interview EP 24. Scott Algeier on information sharing, critical infrastructure, cybersecurity, and more
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Scott Algeier, Founder, President and CEO, Conrad, Inc. Cybersecurity Consulting. “Scott C. Algeier works at the intersection of cybersecurity policy and operations. He is the Founder, President and CEO of cybersecurity consulting firm Conrad, Inc., Executive Director of the Information Technology – Information Sharing and Analysis Center (IT-ISAC). Conrad, Inc. provides strategic policy and business consulting services to businesses and not for profit organizations focused on cyber security and critical infrastructure protection (CIP). Scott engages senior level policy makers in industry and government, domestically and internationally, on behalf of his clients. This includes direct engagement in the development of the nation’s most significant domestic cybersecurity and CIP policies and operational plans.” To learn more about Conrad, Inc, visit the Conrad website and connect on Twitter and you can follow and learn more about Scott on LinkedIn. “building partnerships is in large part being able to find common ground” In the discussion we address: Scott’s work at Conrad, Inc. Cybersecurity Consulting and his work with IT-ISAC and other information sharing communities. Working with critical infrastructure Building communities of trust The state of private-public partnerships The war in Ukraine and the enduring Russian cyber threat Making cybersecurity a kitchen table issue And a lot more! A few references mentioned in or relevant to our discussion include: Conrad website: https://www.conradinc.biz Some of Conrad’s clients: https://www.conradinc.biz/clients Advancements, A Series Hosted By Ted Danson, featuring IT-ISAC: https://advancementstv.com IT-ISAC: https://www.it-isac.org CyberShare - The small broadband provider ISAC: https://www.ntca.org/member-services/cybershare CompTIA ISAO: https://connect.comptia.org/membership/comptia-isao The Gate 15 Interview: Elections Security 2020, with the FBI and the Elections Infrastructure ISAC (26 Oct 2020): https://gate15.global/the-gate-15-interview-elections-security-2020-with-the-fbi-and-the-elections-infrastructure-isac/ On the importance of having a “partner mindset,” Scott says, “at the end of the day, we can do more good by collaboration than by fighting (over business)“- Scott Algeier, Founder, President and CEO, Conrad, Inc. Cybersecurity Consulting
June 27, 2022
Nerd Out Security Panel Discussion: EP 26. The Return of Travis, Energy, and Lacrosse
The latest episode of Nerd Out feels like one of the first with the return or Travis Moran to the pod. Travis came on to talk about the energy sector and his new work to help make sure that his critical infrastructure is positioned for the number of threats facing the industry. Travis goes into detail about his role and the role of security practitioners and some of the ways that they can be successful with training and exercises. Dave then asked Travis to put on one of his old hats and talked about the looming Roe v Wade decision and what it could for organizations from a protest and demonstration standpoint. Turning to lighter fare, the two shared their love for the sport of lacrosse, Maryland's dominance, the rigor of a season, and why they may or may not be fans of the Premier Lacrosse League. Travis Moran is a Senior Reliability & Security Advisor with SERC Reliability Corporation; firstname.lastname@example.org; he can be found on Twitter at @dronin_on
June 23, 2022
The Cybersecurity Evangelist: Ep 20 – Don’t Let Travel Scams Ruin your Vacation Plans
After a drawn out thank you for the success of episode 19 (and 18), The Cybersecurity Evangelist is back to chatting about the human side of cyber in this summer PSA on travel-related scams. Resources mentioned in this episode: Threat Actors Prepare Travel-Themed Phishing Lures for Summer Holidays Avoid Scams When You Travel ReportFraud.ftc.gov
June 17, 2022
The Risk Roundtable EP 30: Jen’s a big deal, sweaty shirts, and persistent threats!
It started off with sweaty shirts and Jen's big announcement and ended with Dave wondering about green tea. But in-between the latest episode of the risk roundtable saw Andy, Jen and Dave talk about familiar topics - namely persistent threats. Unfortunately for all the times we have talked about them, these threats hang around and continue to strike at individuals and organizations. Whether they are cyber or physical related, threat actor continue to go to the proverbial well again and again because they work. The gang talked about the latest cyber threats and recounted the latest string of hostile events ranging from Buffalo, to Texas, to California, and all the others in-between. Equally important to this discussion was the release of the latest National Terrorism Advisory System (NTAS) bulletin that addressed the latest threats and extremist risks (https://www.dhs.gov/ntas/advisory/national-terrorism-advisory-system-bulletin-june-7-2022). After going through the roulette round, Andy led Jen and a partially paying attention Dave through some fun yes or no questions. Items referenced in the Pod include: @Shadowserver https://twitter.com/Shadowserver - https://www.shadowserver.org Dave post on Active Shooter Incidents https://gate15.global/highlights-fbi-update-on-active-shooter-incidents-in-the-united-states/ Rob Yandow's paper on Physiological Response. https://gate15.global/the-brain-and-the-body-the-physiological-response-that-occurs-when-we-experience-fear-stress-trauma-and-critical-incidents/ HEAC White Paper https://gate15.global/white-paper-the-hostile-event-attack-cycle-heac-2021-update/ KEV: https://www.cisa.gov/known-exploited-vulnerabilities MFA page (new) https://www.cisa.gov/mfa CISA Jen: https://twitter.com/cisajen/status/1534055424600641537?s=21&t=S54nhjh7Vjp_q7Co9wk0fg Water ISAC and Dragos. https://www.waterisac.org/portal/waterisac-partners-new-dragos-ot-cert-help-underserved-water-and-wastewater-systems @RobertMLee Dawn’s active on LinkedIn (Dawn Cappelli, CISSP) https://www.cisa.gov/uscert/ncas/alerts https://www.cisa.gov/uscert/ncas/current-activity Plus many more - listen in
June 08, 2022
The Gate 15 Interview EP 23. Leigh Honeywell: Hacker, Community Organizer and CEO at Tall Poppy
Leigh is the founder and CEO of Tall Poppy, where she helps companies protect their employees from online harassment. She was previously a Technology Fellow at the ACLU’s Project on Speech, Privacy, and Technology, and also worked at Slack, Salesforce.com, Microsoft, and Symantec. She has co-founded two hackerspaces - HackLabTO in the Kensington Market area in Toronto, and a feminist space called the Seattle Attic Community Workshop in Pioneer Square, Seattle. She is now a member and Chief Security Officer of Double Union, a feminist hackerspace in San Francisco, and she advises several nonprofits and startups. Leigh has a degrees from the University of Toronto where she majored in Computer Science and Equity Studies. Leigh points out that the latter major is about equity as in equality, not as in finance. To learn more about Tall Poppy, visit the Tall Poppy website and connect on Twitter and you can follow and learn more about Leigh on Twitter: @HYPATIADOTCA and LinkedIn. “tall poppy syndrome is a cultural phenomenon in which people hold back, criticize, or sabotage those who have or are believed to have achieved notable success in one or more aspects of life, particularly intellectual or cultural wealth-‘cutting down the tall poppy.’ It describes a draw towards mediocrity and conformity. Commonly in Australia and New Zealand, ‘cutting down the tall poppy’ is used to describe those who deliberately put down another for their success and achievements.“-via Wikipedia In the discussion we address: Leigh’s background and the personal and professional progression that led her to found Tall Poppy What Tall Poppy is doing to help protect individuals through personal digital safety Hackerspaces, equity, diversity and women in cybersecurity Leadership Emerging issues in information security Leigh’s ever-colorful hair, CanRock, KiwiCon, and much more! A few references mentioned in or relevant to our discussion include: Tall Poppy website - https://www.tallpoppy.com Leigh mentioned KYC for crypto. For more on that see What Is KYC and Why Does It Matter For Crypto? (25 Mar 22) - https://www.coindesk.com/learn/what-is-kyc-and-why-does-it-matter-for-crypto/ Leigh spoke about device security and the threat of SIM swapping. Read more from this FBI IC3 Public Service Announcement, Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public (08 Feb 22) - https://www.ic3.gov/Media/Y2022/PSA220208 CISA: Walk This Way to Enable MFA (05 May 22) - https://www.cisa.gov/blog/2022/05/05/walk-way-enable-mfa CISA Director Jen Easterly tweeting about #MFAMay and #MoreThanAPassword (05 May 22) The Kelihos botnet campaign aimed at Apple iCloud accounts was mentioned. Here’s a 2014 blog post from Symantec and a summary from the BBC - https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7273883f-edd4-46c6-a723-ab83ea0b8264&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments Andy mentioned another advocate for people and communities he’s a fan of. Learn more about Matt Mitchell in The Gate 15 Interview: Matt Mitchell, a Champion for Security and Privacy (26 Apr 21) Andy took the opportunity to put in a plug for the upcoming InfraGardNCR Cyber Camp (scheduled for 18-22 July!) And Leigh and Andy gave some unsolicited promotions for 1Password, and Leigh also offered BitWarden as great options for password managers. Leigh also suggested reviewing the Consumer Reports and New York Times’ Wirecutter for reliable reviews
May 23, 2022
Nerd Out Security Panel Discussion: EP 25. Buffalo and the Journey into Hate.
In the latest Nerd Out podcast, Dave is joined by Bridget Johnson to talk about the hostile event at the Top's Supermarket in Buffalo, New York. Looking at the attack through the lens of Gate 15's Hostile Events Attack Cycle (HEAC), Dave and Bridget talked about all the planning and preparedness that went into the attack as documented by the attacker's manifesto. Bridget went into length about the way the attacker outlined his beliefs while showcasing his admiration and reverence to previous attackers, especially the 2019 New Zealand mosque attacker. They wrapped up the pod with some thoughts for organizations to consider and how the lessons learned and behaviors identified can be applied to any location and organization. Bridget wrapped up up with some strong words that this manifesto is dangerous and deliberately speaks to a vulnerable group who may seek inspiration in their own lives. In addition, it represents a journey into hate that organizations need to be mindful of. Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
May 18, 2022
The Cybersecurity Evangelist: Episode 19 - TCE Evangelizes a Few ICS Security Thingz
This month, Jen tries to put the “evangelize” in The Cybersecurity Evangelist by spreading the word on some great work in the ICS cybersecurity community. Resources evangelized in this episode: @BEERISAC OT/ICS Security Podcast Playlist https://podcasts.apple.com/us/podcast/beerisac-ot-ics-security-podcast-playlist/id1459741251 Consequence-driven Cyber-informed Engineering (CCE) https://inl.gov/cce/ ICS4ICS https://gca.isa.org/ics4ics Top 20 Secure PLC Coding Practices https://www.plc-security.com/index.html
May 13, 2022
The Risk Roundtable EP 29: Reports, and Innovation.
In the latest episode of the Risk Roundtable, in a nod to Jen, the team goes full nerd about a series of new cybersecurity products and reports. Starting off with CISA's Known Exploited Vulnerabilities Catalog Jen can barely contain her excitement about the importance of the report while also addressing the challenges organizations face. Dave, clearly out of his element, tries to counter with his own report - Sophos' The State of Ransomware 2022 report that reminded everyone ransomware is still alive and well....and thriving. Shifting to the roulette round, Dave assumes control, albeit briefly, while Jen and Andy talk about various innovative methods organizations can take to strenghten their internal programs and processes. The roundtable wrapped up with some lighter topics during Andy's three questions that were perfect for the time of year. Some of the links discussed in the pod include: Sophos: The State of Ransomware 2022: https://news.sophos.com/en-us/2022/04/27/the-state-of-ransomware-2022/ PDF in DB KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog CISA, FBI, NSA, and International Partners Warn Organizations of Top Routinely Exploited Cybersecurity Vulnerabilities: https://www.cisa.gov/news/2022/04/27/cisa-fbi-nsa-and-international-partners-warn-organizations-top-routinely-exploited The Gate 15 Interview: Cannabis ISAO. https://gate15.global/the-gate-15-interview-ben-taylor-on-cannabis-isao-cannabis-industry-security-cybersecurity-rescue-dogs-and-more/ The Cybersecurity Evangelist: Ep 18 – Space Systems are Critical Infrastructure for Critical Infrastructure: https://gate15.global/the-cybersecurity-evangelist-ep-18-space-systems-are-critical-infrastructure-for-critical-infrastructure%EF%BF%BC/ Cofense Annual Phishing Report Highlights 10 Point Increase in Credential Phishing: https://cofense.com/press/cofense-annual-phishing-report-highlights/ S4x22 ICS Security Event: https://s4xevents.com/ OT/ICS Security – Consequence-driven Cyber-informed Engineering (CCE): https://www.waterisac.org/portal/otics-security-%E2%80%93-consequence-driven-cyber-informed-engineering-cce (edited)
May 03, 2022
The Gate 15 Interview EP 22. Ben Taylor, on Cannabis ISAO, cannabis industry security, cybersecurity, rescue dogs and more!
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Ben Taylor, Executive Director for the Cannabis ISAO. Ben Taylor is the Executive Director of the Cannabis-ISAO. Ben also serves as a Risk Analyst to several Information Sharing & Analysis Centers and has previous security and operations experience as an Army Officer as well as working through the Department of Homeland Security’s (then) Office of Infrastructure Protection (now part of the Cybersecurity and Infrastructure Security Agency [CISA]). Ben has also spent several years in marketing and partner development roles within the tourism industry, to include working to promote Cannabis tourism in Oakland, California. To learn more about Cannabis ISAO, visit the Cannabis ISAO website, or on Twitter: @CannabisISAO and LinkedIn. In the discussion we address: Ben’s background and the work he’s doing with Cannabis-ISAO today Some background on the development of Information Sharing and Analysis Centers (ISACs) and Organizations (ISAOs) Physical security challenges for the Cannabis Industry Cybersecurity threats and issues facing the sector Scams, and other threats facing the community Among other topics, Ben plays three questions with Andy to discuss dogs, favorite books, and more! A few references mentioned in or relevant to our discussion include: Cannabis ISAO website https://cannabisisao.org Cannabis ISAO Security Town Hall https://cannabisisao.org/2022/03/cannabis-security-town-hall/ Cannabis ISAO blog and Director’s Cut posts https://cannabisisao.org/home/blog/ Cannabis ISAO Director’s Cut: December 03, addressing a ransomware incident in the Cannabis Industry https://cannabisisao.org/home/report-incident/ Report an Incident - Cannabis ISAO https://cannabisisao.org/home/report-incident/ Get Involved - Cannabis ISAO https://cannabisisao.org/home/get-involved/ Executive Order -- Promoting Private Sector Cybersecurity Information Sharing (13 Feb 2015) https://obamawhitehouse.archives.gov/the-press-office/2015/02/13/executive-order-promoting-private-sector-cybersecurity-information-shari Executive Order -- Improving Critical Infrastructure Cybersecurity (12 Feb 2015) https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity Presidential Policy Directive -- Critical Infrastructure Security and Resilience (12 Feb 2015) https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil PDD-63 - Critical Infrastructure Protection (20 May 1998) https://clinton.presidentiallibraries.us/items/show/12762 Nerd Out Security Panel Discussion: EP 13. Cannabis ISAO! (18 May 2021) https://gate15.global/nerd-out-security-panel-discussion-ep-13-cannabis-isao/ The Cybersecurity Evangelist: EP 8 – The ISAC Series, Part 4 – Faith-Based ISAO (10 Mar 2021) https://gate15.global/the-cybersecurity-evangelist-ep-8-the-isac-series-part-4-faith-based-isao/ Blog Post: So why a Cannabis ISAO? (02 Apr 2021) https://cannabisisao.org/2021/04/blog-founder/ Tucky Blunt Twitter https://twitter.com/BluntTucky Uncle Ike’s https://ikes.com/locations/white-center/
April 25, 2022
Nerd Out Security Panel Discussion: EP24. NYC, Sweden and More.
There was no shortage of topics for the Nerd Out gang to get into this month as Dave, Bridget and Joe dug into recent events. Starting off with some follow ups to hurricane predictions, outdoor festivals, and Piers Morgan (is it marketing or misinformation), the team batted around some of some of the challenges with these areas and some recent publications that can help teams plan for moving forward. Then the nerds really got into some great discussions around monitoring and situational awareness around recent incidents in NYC (subway shooting) and Ohio (arrest of security guard), as well as the escalated protests around the Quran burning in Sweden and if organizations need to think about copy-cats or a revival of protests and demonstrations this coming summer. Wrapping up with an attempt to be fun, the gang just showed how big of nerds they are yet still managed to give some suggestions for light-hearted shows or materials. Discussed on the pod: Conspiracy Theories: https://www.npr.org/2022/04/20/1093698123/online-conspiracy-theories-are-bleeding-into-all-parts-of-georgias-politics AstroWorld Report: https://gov.texas.gov/news/post/governor-abbotts-texas-task-force-on-concert-safety-releases-final-report Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
April 21, 2022
The Cybersecurity Evangelist: Ep 18 – Space Systems are Critical Infrastructure for Critical Infrastructure
A chat with Erin Miller, Executive Director of Space ISAC, from the 37th Space Symposium Have you ever thought about just how much reliance there is on space systems and how satellites – tons of them – are actually flying computers with IP addresses? In an episode that is out of this world, the Gate 15 Podcast Channel welcomes back a very special guest – Erin Miller, Executive Director of Space ISAC on the 18th episode of The Cybersecurity Evangelist – to talk about all that and more from the 37th Space Symposium at The Broadmoor in Colorado Springs. From an event that Erin called, “bigger than Disneyland,” we talked about the importance of securing space systems, the pivotal role that Space ISAC is playing to increase the cybersecurity posture for the global space community, and the general passion for cybersecurity among attendees and speakers at the symposium. Resources mentioned in this episode: Space ISAC 37th Space Symposium Dr. Stacey Dixon (LinkedIn) – Principal Deputy Director of National Intelligence, ODNI CISA Director, Jen Easterly (Twitter) Women in Cybersecurity (WiCyS) Alert (AA22-076A) Strengthening Cybersecurity of SATCOM Network Providers and Customers Purdue University University of Colorado Colorado Springs Colorado Springs Chamber & EDC United States Space Force United States Space Command United States Air Force Academy The Gate 15 Interview Ep. 16: Erin Miller, Executive Director, Space ISAC. Securing Space Infrastructure (and terrestrial critical infrastructure too!)
April 10, 2022
The Risk Roundtable EP 28: Dave's McLaughlin Group Impression.
Little did Andy know when he let Dave take the controls that he would turn it into a mini-McLaughlin Group (those in the DMV know). In this format Andy and Jen talked about four key questions around Ukraine while Dave attempted to moderate. This discussion dove deep into concerns around the current conflict in the Ukraine, Russian capabilities and organizational defenses, as well as key areas for organizations to remain mindful of! The group landed with a dud when a pop star question fell flat, but Jen quickly picked up and talked about her recent conference attendance and meeting some power people (hi CISA Jen!). The group wrapped up with some some reminders and quick hits before heading into Andy's final 3 questions. Some of the reference mentioned in the pod include: https://criticalinfrastructuredefense.org/ https://www.cisa.gov/shields-up https://www.cisa.gov/uscert/shields-technical-guidance https://www.cyberscoop.com/ukraine-russia-us-cybersecurity-companies/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/uscert/ncas/current-activity/2022/03/29/mitigating-attacks-against-uninterruptable-power-supply-devices https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/strengthening-cybersecurity-satcom-network-providers-and-customers https://www.cisa.gov/uscert/ncas/current-activity/2022/03/15/russian-state-sponsored-cyber-actors-access-network-misconfigured https://www.cisa.gov/uscert/ncas/current-activity/2022/03/24/state-sponsored-russian-cyber-actors-targeted-energy-sector-2011 https://www.ic3.gov/Media/News/2022/220325.pdf
April 05, 2022
Nerd Out Security Panel Discussion: EP23. Ukraine, Outdoor Events and the gang!
The gang is back together as Bridget Johnson and Joe Levy join Dave on the podcast to catch up on what they've missed while turning their attention to Ukraine and outdoor events. Within Ukraine, the nerdites talked about the effects of the current conflict, TikTok and the evolving information wars to include disinformation and misinformation campaigns on all sides, and what some outcomes may be long term. The gang then turned to thoughts of warmer weather and the upcoming outdoor events and activities. Looking at it through a security lens the Bridget, Joe and Dave looked at some important considerations while also keeping focus on those other events leading up to the 2022 election season. Before wrapping up with some pointed security plugs, the team talked about hurricane predictions and outdoor events to look forward to. Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: firstname.lastname@example.org; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
March 30, 2022
The Gate 15 Interview EP 21. Gary Warner on cyber forensics, information sharing, haikus, birdwatching and more!
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Gary Warner, Director of Research in Computer Forensics’ for the University of Alabama at Birmingham (UAB) and the Director of Threat Intelligence for DarkTower. From his LinkedIn bio, “Gary is the ‘Director of Research in Computer Forensics’ for the University of Alabama at Birmingham (UAB). In this role, which brings together the Computer Science and Criminal Justice departments, he is concentrating on research that will help law enforcement and other security professionals to identify, apprehend, prosecute and convict those who are committing cybercrime, and spread information to victims and potential victims about cybercrime issues. 90 analysts and programmers work in the UAB Computer Forensics Lab building tools and providing intelligence for a variety of clients around Cybercrime, Fraud, and Terrorism, as well as the Social Media aspects of more traditional crimes, including Gang Activity and Transnational Drug Networks. In addition to his duties at UAB, Warner serves as the Director of Threat Intelligence for DarkTower, a subsidiary of Queen Associates in Charlotte, North Carolina. Gary Warner was the founding president of the Birmingham InfraGard chapter, and has served as secretary and member of the board of the InfraGard National Members Alliance, among other roles. Read more on LinkedIn. Gary on Twitter: @GarWarner. Gary’s blog: CyberCrime & Doing Time; A Blog about Cyber Crime and related Justice issues. “Malware analysis is a team sport” – Gary Warner, on information sharing, during our podcast recording In the discussion we address: • Gary’s backstory and the work he’s doing today • Information sharing and the value of plugging into information sharing communities • The great work being done by the FBI and CISA • The importance of knowing your competition, China, Russia, and ongoing threats • Some of Gary’s go-to resources • Gary talks about haikus, Talking Heads, GarBot, birdwatching, and more! “CISA, it's a new era of info sharing in the government” before giving some shout outs to CISA’s first Director, Chris Krebs, and current Director, Jen Easterly A few references mentioned in or relevant to our discussion include: • CISA’s Known Exploited Vulnerabilities Catalog (KEVC), something Gate 15’s Jen Walker raves about often, including in our recent Risk Roundtable: The Risk Roundtable EP 27: Don’t let bias guide your preparedness (07 Mar 22). https://www.cisa.gov/known-exploited-vulnerabilities-catalog • Gary discussed this event: Justice Department Announces Court-Authorized Effort to Disrupt Exploitation of Microsoft Exchange Server Vulnerabilities (13 Apr 21) https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-effort-disrupt-exploitation-microsoft-exchange • BITNET https://bit.net • FBI SENTINEL System https://www.fbi.gov/services/information-management/foipa/privacy-impact-assessments/sentinel • Intellipedia https://en.wikipedia.org/wiki/Intellipedia • REN-ISAC https://www.ren-isac.net • Gary’s four CISA “must watch” sites from the CISA cyber landing page: o Current activity: https://www.cisa.gov/uscert/ncas/current-activity o Alerts: https://www.cisa.gov/uscert/ncas/alerts o Bulletins: https://www.cisa.gov/uscert/ncas/bulletins o Analysis: https://www.cisa.gov/uscert/ncas/analysis-reports • Gary strongly encouraged listeners to check CISA Director Jen Easterly’s “about” section in her LinkedIn profile to understand why she is so excellently qualified to be the woman leading CISA today (something Chris Krebs, her predecessor at CISA agrees with)
March 21, 2022
The Cybersecurity Evangelist: Ep 17 – Health-ISAC, the ISAC Most Likely to Appear on the Gate 15 Podcast Channel
This month, The Cybersecurity Evangelist chats with a couple of budding podcasters. For the third appearance on the Gate 15 Podcast Channel, the Health Information Sharing and Analysis Center (H-ISAC) joins me for episode 17. I got to put my ISAC analyst hat on and talk with the heart of Health-ISAC – the dynamic duo of Zach Nelson (Threat Operations Center Manager) and Joshua Justice (Senior Cyber Threat Intelligence Analyst) from the Threat Operations Center about what drives Health-ISAC and the goals of the Threat Operations Center – the privacy and security of our protected health information (PHI) and why threat actors want that information – yours and mine! We also talked a little about cross-sector collaboration, especially between the ISACs, and rounded it out with a general reminder for all to be #BeCyberSmart about phishing themes leveraging the Russia-Ukraine conflict. Resources mentioned in this episode Health-ISAC H-ISAC Events The Gate 15 Interview: A Conversation with Errol Weiss, Chief Security Officer, Health-ISAC (27 July 2020) Nerd Out Security Panel Discussion: EP 15. Let’s talk about Health! (July 2021) Current and Emerging Healthcare Cyber Threat Landscape (watch for the TLP:WHITE version of this report) What To Know About Medical Identity Theft (FTC)
March 14, 2022
The Risk Roundtable EP 27: Don't let bias guide your preparedness
In the latest Risk Roundtable, Andy, Jen, and Dave talk about the war in Ukraine and what it means for preparedness. Sometimes you just have to call a spade a spade and not allow personal, political or other bias to affect your organization’s analysis or preparedness. While Andy and Dave throw flags on their previous predictions, Jen brings us back to reality and talks about being aware, being prepared, and reminds “don’t panic.” Andy then drills down on bias and how it can have an impact on organizations. During the Roulette Round, Jen talked about CISA’s Known Exploited Vulnerabilities Catalog, vulnerabilities, and patching (while Dave ensured it wasn’t his Windows 2000 computer exposure that Jen was referring to…), then Dave brought up the importance of disaster preparedness in light of spring and summer severe weather events. Andy wrapped things up with a quick talk about the “People’s Convoy” and the battle of the Washington, D.C. Beltway! The pod wraps up with three questions – from COVID predictions, to Andy’s confusion about when seasons start, to Batman. Link mentioned in the pod include: CISA’s Shields Up webpage: https://www.cisa.gov/shields-up CISA: Russia Cyber Threat Overview and Advisories. https://www.cisa.gov/uscert/russia#russian And our post on the Gate 15 blog from 03 March, Russian Cybersecurity Threats: 5 Asks from the FBI: https://gate15.global/russian-cybersecurity-threats-5-asks-from-the-fbi/ Bridget Johnson on Twitter, and at Homeland Security Today (HS Today) CISA Adds 95 Known Exploited Vulnerabilities to Catalog (03 Mar 22): https://www.cisa.gov/uscert/ncas/current-activity/2022/03/03/cisa-adds-95-known-exploited-vulnerabilities-catalog WaterISAC: Update (March 3, 2021) – 95 Added to CISA’s Known Exploited Vulnerabilities Catalog (03 Mar 22): https://www.waterisac.org/portal/cisa’s-known-exploited-vulnerabilities-catalog Microsoft: Customer Guidance for WannaCrypt attacks (12 May 17): https://msrc-blog.microsoft.com/2017/05/12/customer-guidance-for-wannacrypt-attacks/ ZDNet Ransomware attack: Hospitals still struggling in aftermath of WannaCrypt's rampage (15 May 17): https://www.zdnet.com/article/ransomware-attack-hospitals-still-struggling-in-aftermath-of-wannacrypts-rampage/
March 08, 2022
The Cybersecurity Evangelist: Ep 16 - Everybody Loves Love (PSA on Romance Scams)
Why Scammers Love Love Too! On Episode 16, The Cybersecurity Evangelist talks about love! Well, more specifically romance scams. I talked about the social engineering component of romance scams, a few fraud reports and financial losses due to romance scams, red flags that could indicate someone you know is caught in a romance scam, some common and practical steps to defeating romance and other types of social engineering based scams, and the importance of reporting romance scams. No matter how painful, falling for a romance scam is nothing to be ashamed of. Romance scams can happen to anyone at any age. Resources mentioned in this episode: The Gate 15 SUN https://paper.li/gate15#/ (subscribe!!) FTC https://www.consumer.ftc.gov/ & ReportFraud.FTC https://reportfraud.ftc.gov/#/ Stop. Think. Connect. https://stopthinkconnect.org/ Stay Safe Online (National Cybersecurity Alliance) https://staysafeonline.org/ Cybercrime Support Network (CSN) https://cybercrimesupport.org/ Fight Cybercrime https://fightcybercrime.org/ Identity Theft Resource Center (ITRC) https://www.idtheftcenter.org/
March 01, 2022
The Gate 15 Interview EP20. Joseph Marks and Cybersecurity 202!
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Joseph Marks, Washington Post reporter for The Cybersecurity 202. From his Washington Post bio, “Joe Marks writes The Cybersecurity 202 newsletter focused on the policy and politics of cybersecurity. Before joining The Washington Post, Marks covered cybersecurity for Politico and Nextgov, a news site focused on government technology and security. He also covered patent and copyright trends for Bloomberg BNA and federal litigation for Law360. Marks began his career at Midwestern newspapers covering city and county governments, crime, fires and features. He spent two years at the Grand Forks Herald in North Dakota and is originally from Iowa City. Joe on Twitter, @Joseph_Marks_. Joe on LinkedIn. Subscribe to The Cybersecurity 202. In the discussion we address: Joe’s background and the work he’s doing today at the Washington Post Joe’s perspective on “insider the beltway” cybersecurity The Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity and geopolitical threats Joe plays three questions and more! A few references mentioned in or relevant to our discussion include: Subscribe to The Cybersecurity 202 https://www.washingtonpost.com/newsletters/the-cybersecurity-202/ The Cybersecurity 202: The cyber fight in Ukraine is getting more serious, 16 Feb https://www.washingtonpost.com/politics/2022/02/16/cyber-fight-ukraine-is-getting-more-serious/ The Cybersecurity 202: Cyber’s role in the Ukraine-Russia crisis remains unclear, 15 Feb https://www.washingtonpost.com/politics/2022/02/15/cybers-role-ukraine-russia-crisis-remains-unclear/ Jen Easterly's Keynote at the Munich Cybersecurity Conference - Just one word: Culture! On YouTube. https://www.youtube.com/watch?v=Hgr4h8ufxVU Deputy Attorney General Lisa O. Monaco Delivers Remarks at Annual Munich Cyber Security Conference https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-remarks-annual-munich-cyber-security An interesting thread on Twitter from Doug Madory (@DougMadory), Director of Internet Analysis at Kentik (@kentikinc), on the assertion that Russia had cut a subsea cable when it annexed Crimea, mentioned without detail in the podcast. https://twitter.com/dougmadory/status/1488608548099612674?s=21 Our recent Gate 15 Risk Roundtable where Dave, Jen and I talk Ukraine and Jen shares some thoughts on preparedness: The Risk Roundtable EP 26: Making the Quantum Leap! CISA: Shields Up https://www.cisa.gov/shields-up CISA: Russian State-Sponsored Actors Target Cleared Defense Contractor Networks, 16 Feb https://www.cisa.gov/uscert/ncas/current-activity/2022/02/16/russian-state-sponsored-actors-target-cleared-defense-contractor CISA: Alert (AA22-047A) - Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology, 16 Feb https://www.cisa.gov/uscert/ncas/alerts/aa22-047a CISA: Russia Cyber Threat Overview and Advisories https://www.cisa.gov/uscert/russia
February 21, 2022
Nerd Out Security Panel Discussion: EP22. Taking your Questions!
Dave goes solo again to handle some common questions he faces, but only after sharing some of his thoughts on the Olympics and his favorite t.v. shows. But then getting down to business Dave talked about three questions - starting your security plan (now), getting into the business (be flexible and get your foot in the door), and the security shortage (invest in your people). Security is a challenge but it's even harder when you put it off time and time again - get started and refine and improve. Dave then gets on his soapbox and tells others to get off his yard when talking about getting into the business while having organizations stop complaining about the lack of talent and instead investing in their own to build a strong workforce. Along the way, Dave even said a nice thing about Andy.
February 08, 2022
The Risk Roundtable EP 26: Making the Quantum Leap!
In the first Risk Roundtable of 2022 - the gang is finally back in the same country again to talk about the latest security issues. Not that they went back in time, but harkening back to the Cold War, the roundtable talked about the current tensions between Ukraine and Russia. Highlighting the differences form that bygone era, Jen talked about the global reach that Russia has to target organizations well beyond the European Continent. Dave then expounded and reminded listeners of the importance of looking at capabilities and not focused on a far off land. Then Jen gave Andy much credit for recognizing our hero Troy Hunt for all the great work that he, and other security professionals and teams who provide services for free or low costs. Before going into Andy's three questions Dave expounded a bit and talked about the Global Risk Report from the World Economic Forum. The gang ended on some fun talking about Valentine's Day, Quantum Leap, and Boba! Some links: Link to Ronnie video Ronnie Rants on You Tube https://youtu.be/kd1dXZcncgI Known exploited vulnerabilities https://www.cisa.gov/known-exploited-vulnerabilities-catalog Buy me a coffee. ‘I’m no Troy Hunt’ https://gate15.global/opinion-the-best-things-in-life-are-free-like-hibp-but-maybe-chip-in/ WEF: Global Risk Report https://www.weforum.org/reports/global-risks-report-2022 CIS: https://www.cisecurity.org/controls/cis-controls-list/
February 03, 2022
Nerd Out Security Panel Discussion: EP 21. Quarantine and Colleyville Attack
In the latest episode of Nerd Out, Dave starts off by talking about his recent quarantine experience in Costa Rica (21 days!) before welcoming in a panel to discuss the Colleyville, Texas synagogue attack. Bringing in Mayya Saab, Seth Ozer, and Ed Heyman the panel went through the hostile event and looked at initial reactions, what can be learned from this situation, and some of the key takeaways. The team then stressed the importance of training in this situation, but also discussed several low cost options and ways to make their location more secure. Mayya Saab is the Executive Director of the Faith-Based Information Sharing and Analysis Organization (FB-ISAO); Seth Ozer is Senior Consultant with Woodstone Consulting, LLC; Ed Heyman is the co-chair of the FB-ISAO Organizational Residence Group
January 25, 2022
The Gate 15 Interview EP 19. Ronnie Tokazowski, Principal Threat Advisor at Cofense on Business Email Compromise (BEC), 419 scams, Indian food, and so much more!
Please enjoy this episode of The Gate 15 Interview podcast on Anchor, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts. In this episode of The Gate 15 Interview, Andy Jabbour speaks with Ronnie Tokazowski, Principal Threat Advisor at Cofense. Ronnie is a recognized expert cybersecurity researcher with success in reverse engineering both crimeware and Advanced Persistent Threat malware, including creation of decoders and indicators for detecting malicious attacks. When he’s not frustrating bad guys, Ronnie is an accidental YouTuber, likes cooking, spicy food, and memes. Ronnie on Twitter, @iHeartMalware. Ronnie’s YouTube channel: Ronnie Rants. In the discussion we address: Ronnie’s background and the work he’s doing at Cofense Business Email Compromise (BEC) Voodoo (no, seriously…) Ronnie’s hair and more! “(at Cofense), we try to go back to the human…” – Ronnie Tokazowski, during our discussion, 10 Jan 2022 A few references mentioned in or relevant to our discussion include: What 6 Years of Success in a Global Takedown Operation Looks Like, and How You Can Do It, Too, a Medium post by Ronnie, 02 Jan Cofense Faith-Based Information Sharing and Analysis Organization (FB-ISAO) FBI on Business Email Compromise (numerous links to BEC related information from the FBI) FBI 2020 IC3 Annual Report & 2020 State Reports G4 Boyz x G4Choppa "Scam Likely" (Official Video) G4 Boyz feat. G4Choppa - SBA Job (Official Music Video) G4Choppa & G4 Boyz - “In Scam We Trust” (Official Music Video - WSHH Exclusive) Here’s Ronnie providing some commentary: Fun with Fraudsters - Reacting to SBA Job by G4 Boyz Cofense Wins AI-Based Cybersecurity Solution of the Year in 2021 CyberSecurity Breakthrough Awards, 05 Oct 2021 Cofense Joins Microsoft Intelligent Security Association (MISA), 26 Oct 2021 Channel Insider: Best Email Security Providers & Services 2022, 23 Dec 2021 Traffic Light Protocol (TLP) Definitions And Usage, via CISA In our discussion, Ronnie mentions Brian Krebs’ Krebs on Security blog (and on Twitter, @briankrebs). Some links to his BEC-related posts can be accessed here.
January 17, 2022
The Cybersecurity Evangelist: Ep 15 - Happy New Cyber Habits 2022!
This first TCE episode of 2022 (and first video - on Spotify) includes a few gentle and some not-so-gentle reminders on cybersecurity best practices and practices for better cyber hygiene. I start with a few cybersecurity controls for businesses to buckle down on this year, including identifying assets, vetting vulnerabilities, and pursuing more potent password policies. Then, I actually persist on the password point with some pontification about our predilection for problematic passwords and propose pointers for a more polished password posture. While there’s probably nothing new in this episode, I hope it serves as a gentle nudge to promote better cyber hygiene habits – not just resolutions for 2022, but positive habits to develop for all-time toward a more cyber secure you! I also evangelize for a new CISA resource - the Known Exploited Vulnerabilities Catalog. Other resource mentioned in this episode: https://www.consumer.ftc.gov/articles/password-checklist
January 11, 2022
The Gate 15 Interview EP 18. RILA Perspective on Organized Retail Crime, plus Mama’s Meatballs, Country Music and Jersey Rock n’ Roll
The Gate 15 Interview: RILA Perspective on Organized Retail Crime, plus Mama’s Meatballs, Country Music and Jersey Rock n’ RollIn this episode of The Gate 15 Interview, Andy Jabbour speaks with two leaders from the Retail Industry Leaders Association (RILA), Ms. Lisa LaBruno, RILA’s Senior Executive Vice President of Retail Operations, and Mr. Michael Hanson, RILA’s Senior Executive Vice President of Public Affairs. The RILA “is the U.S. trade association for leading retailers. RILA partners with leading retailers to meet the challenges of a dynamic economy. Through collaboration and thought leadership, we advance ideas that foster free markets, competition, economic growth, and sustainability.” RILA on Twitter, @RILATweeets.In the discussion we address: The enduring threat of Organized Retail Crime (ORC) Private sector activity relating to ORC Private-public partnership and legislative action on ORC RILA’s focus for 2022 Country music, meatballs, Springsteen, and more! A few references mentioned in or relevant to our discussion include: RILA website - https://www.rila.org Real Estate Information Sharing and Analysis Center (RE-ISAC) RILA: CEOS Call on Congress to Address Surge of Retail Crime, 09 Dec 2021 The Buy Safe America Coalition Impact of Organized Retail Crime and Product Theft, Buy Safe America The INFORM Consumers Act of 2020, Buy Safe America Retailers Press Amazon to Back INFORM Consumers Act, Buy Safe America, 27 Aug 2020 Durbin, Cassidy, Grassley, Hirono, Coons, Tillis Introduce Bill to Ensure Greater Transparency for Third-Party Sellers of Consumer Products Online (The Integrity, Notification, and Fairness in Online Retail Marketplaces for Consumers [INFORM Consumers] Act), 23 Mar 2021 Amazon: INFORM Act punishes small businesses and favors one particular business model, 28 Apr 2021 Buy Safe release announcing the study: Retail Theft Balloons to over $68 Billion, Buy Safe America Homeland Security Express Concern on Retail Crime, Buy Safe America ‘What is organized retail crime? Organized retail crime (ORC) refers to professional shoplifting or other theft occurring in retail stores. These criminals are increasingly turning to online marketplaces to quickly and discretely move mass quantities of stolen merchandise. Unfortunately, these criminal rings are growing more brazen and violent, putting the safety of customers and store employees in jeopardy. Organized rings are often involved in other crimes within the community, including narcotics, money laundering and human trafficking.’ – Buy Safe America, https://www.buysafeamerica.org/myth-vs-facts Lisa LaBruno is RILA’s Senior Executive Vice President of Retail Operations. In this role, LaBruno leads RILA’s efforts in the association’s key retail disciplines including asset protection, store operations, supply chain and e-commerce. She directs all research initiatives, educational programming for the annual LINK and Retail Asset Protection conferences, and executive networking to promote operational excellence within the industry. She has 30 years of relevant experience in both the public and private sector, including as an assistant prosecutor (Hudson County, NJ), in-house attorney at the Archdiocese of Newark and in-house attorney at The Home Depot and serves on the Board of Directors of the Loss Prevention Foundation. Michael Hanson is RILA’s Senior Executive Vice President of Public Affairs, overseeing the Association’s government affairs and communications arms. Hanson is responsible for identifying the industry’s top public policy challenges and working with both leading retailers and key stakeholders to elevate the industry in Washington, DC and across the country. Hanson most recently served as chief public policy officer at Sabre, a leading travel technology company, where he led legi
December 27, 2021
Nerd Out Security Panel Discussion: EP 20. Retail crime and the year it was!
The last Nerd Out episode of the season comes out strong talking about retail crime as Bridget shared stories of her busting out shoplifting trends, and then talking about the larger security issues at play (specifically overwhelming security) with the latest smash and grab incidents during the holidays. Joe then talked about the ways that these type of issues could spread to other sectors and encouraged organizations to evaluate their processes and training. The nerds then turned the clock back to look at some of the takeaways from 2021 while looking ahead to 2022 to see what organizations can do to start planning for. And for all the areas that were covered, there were so many more highlighting the continued challenge that organizations face. Wrapping up the year on a fun note, the merry band of nerds talked about their favorite holiday movie. Can you guess them all? It's been quite a year for the Nerd Out podcast and we want to wish you all a safe holidays, and we are looking forward to a great 2022! Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
December 21, 2021
The Risk Roundtable: EP 25. Holiday scams, reporting and year end fun!
In the latest episode of the Risk Roundtable, Andy leads the team through a review of the latest risks facing individuals and organizations. Jen decked the halls talking about the latest holiday scams that continue to bring coal to good boys and girls. Then Dave talked about the latest school shooting in Michigan and tried not to be a Scrooge by talking about some positive take-aways while highlighting important lessons still to be learned in Christmas future. Then, while Dave danced to spinning the wheel in his head, the roundtable talked about their favorite moments from across the Gate 15 Podcast Channel, after all, we are living in a physical world (Jen). The podcast wrapped up with some holiday cheer talking about favorite television or movies for the season. From all of us at Gate 15, to all of the security teams and organizations around the world, here is hoping for a happy holidays and a wonderful 2022! Companies Linked to Russian Ransomware Hide in Plain Sight. Cybersecurity experts tracing money paid by American businesses to Russian ransomware gangs found it led to one of Moscow’s most prestigious addresses. https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Gate 15 Releases a White Paper with an Update to the Hostile Event Attack Cycle. https://gate15.global/gate-15-releases-a-white-paper-with-an-update-to-the-hostile-event-attack-cycle/ Known Exploited Vulnerabilities Catalog | CISA. https://www.cisa.gov/known-exploited-vulnerabilities-catalog Advanced threat predictions for 2022. Over the past 12 months, the style and severity of APT threats has continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to predict what might lie ahead in the coming year. https://securelist.com/advanced-threat-predictions-for-2022/104870/
December 08, 2021
The Gate 15 Interview EP 17. Bob Kolasky talks critical infrastructure, risk, Guns N’ Roses and pizza
In this episode of The Gate 15 Interview, Andy Jabbour talks with Robert (Bob) Kolasky, Cybersecurity and Infrastructure Security Agency’s (CISA) Assistant Director, leading the National Risk Management Center (NRMC) since 2018. At the NRMC, Bob “oversees the Center’s efforts to facilitate a strategic, cross-sector risk management approach to cyber and physical threats to critical infrastructure. The Center provides a central venue for government and industry to combine their knowledge and capabilities in a uniquely collaborative and forward-looking environment. Center activities support both operational and strategic unified risk management efforts. ” Bob’s complete DHS bio (https://www.cisa.gov/bob-kolasky). Bob on LinkedIn (https://www.linkedin.com/in/bob-kolasky-92ab554/). Bob on Twitter, @BobKolasky. In the discussion we address: • Bob’s background • The CISA National Risk Management Center • Election security and election integrity • DHS’s role in 5G risk management • DSH and climate change • Designated sectors of critical infrastructure and some potential upcoming changes • Growing up Gen X, music, pizza and more! A few references mentioned in or relevant to our discussion include: About the NRMC: • The Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) • Visit the NRMC Initiatives to learn more about each initiative - https://www.cisa.gov/nrmc-initiatives • Visit the NRMC Newsroom for the latest press releases, media advisories, and blog articles - https://www.cisa.gov/nrmc-newsroom • Download and share the National Risk Management Center Fact Sheet - https://www.cisa.gov/publication/national-risk-management-center-fact-sheet Additional background (general): • NSA-CISA Series on Securing 5G Cloud Infrastructures • Auto-ISAC. We tipped our hats to Auto-ISAC Executive Director, Faye Francy. • The Elections Infrastructure Information Sharing and Analysis Center™ (EI-ISAC®) was established by the EIS-GCC to support the cybersecurity needs of the elections subsector. Through the EI-ISAC, election agencies will gain access to an elections-focused cyber defense suite, including sector-specific threat intelligence products, incident response and remediation, threat and vulnerability monitoring, cybersecurity awareness and training products, and tools for implementing security best practices • White House: Readout of President Joseph R. Biden, Jr. Call with President Vladimir Putin of Russia, 09 Jul (RE: ransomware). • White House: FACT SHEET: Ongoing Public U.S. Efforts to Counter Ransomware, 13 Oct. • White House: Background Press Call on the Virtual Counter-Ransomware Initiative Meeting, 13 Oct. • White House: Joint Statement of the Ministers and Representatives from the Counter Ransomware Initiative Meeting October 2021, 14 Oct. Space as critical infrastructure: • The Gate 15 Interview Ep. 16: Erin Miller, Executive Director, Space ISAC. Securing Space Infrastructure (and terrestrial critical infrastructure too!) • INSA: Designating Space Systems As New U.S. Critical Infrastructure Sector, 02 Nov. • Space hacking risks pose cyber policy test for Biden admin, 02 Nov. • Aspen Institute Panel: Space as Critical Infrastructure, 03 Nov. • Space could be the next frontier for cyber threats, 08 Nov. • FACT SHEET: Vice President Harris Announces Initiatives on Space and Cybersecurity, 10 Nov. Faith-Based organizations as critical infrastructure: • Security Debrief: A Letter to the Trump Administration – Establish a Faith-Based Sector of Critical Infrastructure, 15 Jun 2020. • The Cybersecurity Evangelist: EP 8 – The ISAC Series, Part 4 – Faith-Based ISAO Climate Change: • DHS Actions: Climate Change - https://www.dhs.gov/dhs-actions-climate-change • White House Fact Sheet: Prioritizing Climate in Foreign Policy and National Security, 21 Oct. • DHS Strategic Framework for Addressing Climate Change. “The U.S. Department
November 22, 2021
Nerd Out Security Panel Discussion: EP 19. Talking Crowd Control and the Holidays - in 2 Parts!
In the latest episode of Nerd Out, this is a very special two parter. In the first part, the nerdies (Bridget and Joe) talk about the fallout from the Houston Astropark disaster ranging from the considerations that go into the event planning, and whether there should be a blame game. And then they look at how threat actors may use this event for future threat planning (note the Hostile Events Attack Cycle) before turning their attention to the latest National Terrorism Advisory System Bulletin release and what it could mean for the holidays. In part two, Dave welcomes in Tamara Herold and goes a little deeper into the Houston incident and what it could mean for events moving forward. Some references brought up in the podcast: Example of Crowd wave: https://www.youtube.com/watch?v=BgpdmAtbhbE Crowd Dynamics: https://www.youtube.com/watch?v=kmqsc7srIfY and https://www.youtube.com/watch?v=Txrs4ssiAz0 Roger Federer saves kid: https://www.youtube.com/watch?v=RymfiBXKuMQ 2018 Concert in Italy: https://celebrityaccess.com/2018/12/08/all-ages-concert-stampede-in-italy-leaves-at-least-6-dead/ Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; email: firstname.lastname@example.org Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ Tamara D. Herold, Ph.D., Associate Professor, Graduate Director, University of Nevada, Las Vegas (UNLV) Director, Crowd Management Research Council Department of Criminal Justice. Twitter: @advancetheline and @herold_tamara
November 17, 2021
The Risk Roundtable: EP 24. Are you Living in the Physical World?
In the latest Risk Roundtable, Andy, Dave and Jen ponder whether or not we live in the physical world or if a little time off took Jen to a whole new dimension. Kicking off with another acronym soup month, the team looks at Critical Infrastructure Security and Resilience Month and the downstream impacts that can affect organizations who fail to incorporate for critical infrastructure into their preparedness plans. Then roundtable talked about the recent warning of terrorist capabilities to strike the U.S. as well as whether organizations are better prepared today to address a crisis than they were pre-COVID. In the process, the team came up with a new term - "Preparedness Calculus" - and whether organizations are evaluating events and factoring that into their preparedness process. The discussions wrapped up with Andy's three questions involving some favorite fall themes - warm clothing, turkey, and the Lion's losing. But before signing off, Dave had to talk about his enjoyment for Dune, but did he show some hypocratic tendencies? Some links to items discussed in the podcast included: White House Critical Infrastructure Month Proclamation. https://www.whitehouse.gov/briefing-room/presidential-actions/2021/10/29/a-proclamation-on-critical-infrastructure-security-and-resilience-month-2021/ CISA Infrastructure Security Month Materials: https://www.cisa.gov/infrastructure-security-month https://www.cisa.gov/publication/guide-critical-infrastructure-security-and-resilience (2019) https://www.cisa.gov/publication/methodology-assessing-regional-infrastructure-resilience (June 2021) Critical Infrastructure Sectors. https://www.cisa.gov/critical-infrastructure-sectors See Something Say Something. https://www.dhs.gov/see-something-say-something See Something Say Something: Report Suspicious Activity. https://www.dhs.gov/see-something-say-something/how-to-report-suspicious-activity Webinar: Getting Started Now: Pandemic Preparedness After-Action Reports, 10 Apr 2020. https://gate15.global/webinar-getting-started-now-pandemic-preparedness-after-action-reports/ Webinar Recording: Getting Started Now: Pandemic Preparedness After-Action Reports, 17 Apr 2020. https://gate15.global/webinar-recording-getting-started-now-pandemic-preparedness-after-action-reports/ REN-ISAC and report: https://www.ren-isac.net/public-resources/workshops/index.html & https://www.ren-isac.net/public-resources/2021_REN-ISAC_Blended_Threat_Workshop_Final_Report.pdf
November 02, 2021
The Gate 15 Interview EP 16. Erin Miller, Executive Director, Space ISAC. Securing Space Infrastructure (and terrestrial critical infrastructure too!)
In this episode of The Gate 15 Interview, Andy Jabbour talks with Erin Miller, Executive Director for Space ISAC (https://s-isac.org). “The Space ISAC serves to facilitate collaboration across the global space industry to enhance our ability to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for the sector with respect to this information.” Erin on Twitter (@erinmarmiller). Erin on LinkedIn (@erinmarlenemiller). In the discussion we address: Erin’s background Space ISAC, now and into the future Blockchain in space Threats, risks and working with the community to secure space infrastructure Erin weighs in on important issues, including the great Pluto debate (!), and more in our three questions segment And more! Please enjoy this episode of The Gate 15 Interview podcast on Anchor, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts. ‘We are on a journey and our journey is multi-decades long…’ A few references mentioned in or relevant to our discussion include: Microsoft blog: Microsoft joins Space ISAC as founding member to further space cybersecurity intelligence, 23 Jun 2021 - https://blogs.microsoft.com/blog/2021/06/23/microsoft-joins-space-isac-as-founding-member-to-further-space-cybersecurity-intelligence/ Space ISAC members and membership - https://s-isac.org/membership/ Andy shares a favorite space tweet - https://twitter.com/andyjabbour/status/1450449282318979074?s=21
October 25, 2021
Nerd Out Security Panel Discussion: EP 18. Dave Solo?! Talking Recent Events and Preparedness
In the most recent episode of Nerd out, and as accurately described by Ron Burgundy it could be a horrible news story but Dave goes solo to talk about the recent events. These include the Norway Bow and Arrow attack, the murder of a British Member of Parliament, and two of the more recent insider threat attacks and how organizations can learn from these events and improve their security posture. Dave then goes a little pop culture to talk about his three favorite security movies and shows. He also uses these references to talk about how organizations can build and nuture their own intelligence analysts and the value they can bring to an organizations. Rough transitions aside and some help from Ron Burgundy and Syndrome aside the panel will return for next month as they look ahead to what should be a busy holiday season.
October 19, 2021
The Cybersecurity Evangelist_Ep14_Cybersecurity Awareness Month 2021
The Cybersecurity Evangelist "evangelizes" Cybersecurity Awareness Month 2021. Cybersecurity Awareness Month is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. For more information about ways to keep you and your family safe online visit https://staysafeonline.org/cybersecurity-awareness-month/ and cisa.gov/ncsam. Other resources mentioned during this episode: https://www.cisa.gov/cyber-essentials https://www.ic3.gov/ https://www.sans.org/tip-of-the-day?msc=main-nav https://cybercrimesupport.org/ https://fightcybercrime.org/ https://gate15.global/cybersecurity-awareness-month-2021-tips-from-the-pros/
October 14, 2021
The Risk Roundtable: EP 23. CAM, Disgruntled Employees, and Scott Bakula
The latest episode of the Risk Roundtable gets the group going in all sorts of directions ranging from an opening related to COVID fatigue, Cybersecurity Awareness Month, and disgruntled employees. After deliberating whether they need a new roulette round music selection (Dave volunteered to sing it), the group sang the praises of new CISA chief Jen Easterly and the way she has been out front on all of the latest security issues, as well as sharing some of our favorite security twitter feeds, as well as hitting on the importance of Patching (catch out Jen's latest Cybersecurity Evangelist Pod for more details). The group wrapped up with Andy's three questions to address Super Bowl projections, Halloween, and what show we would want to reboot - hello Quantum Leap! Some of the reports and postings referenced in the podcast include: CISA and Krebs: https://gate15.global/cybersecurity-infrastructure-security-time-to-make-this-happen/ Cybersecurity Awareness Month - Tips from the Pros: https://gate15.global/cybersecurity-awareness-month-2021-tips-from-the-pros/ Jen Easterly Twitter: https://twitter.com/CISAJen Suzanne Spaulding Twitter: https://twitter.com/SpauldingSez Chris Krebs Twitter: https://twitter.com/C_C_Krebs Jennifer Lyn Walker, Director of Cyber Defense Posts: @Gate_15_Analyst & @WaterISAC, LinkedIn: https://t.co/XGIB3hLkam Disgruntled Employees: https://www.waterisac.org/portal/insider-threat-%E2%80%93-former-employee-indicted-unauthorized-computer-access-intent-harm-kansas HEAC White Paper: https://gate15.global/white-paper-the-hostile-event-attack-cycle-heac-2021-update/
October 05, 2021
Nerd Out Security Panel Discussion: EP 17. Lessons of the past to prepare the future
In the latest edition of Nerd Out, Dave is joined by nerdette Bridget Johnson, and nerd Joe Levy to take stock of what did and did not happen at the recent Justice for January 6th event in Washington D.C. and the preparedness lessons learned. Equally important is how could venues use those lessons to plan for the future. The team also looked at some of the root causes for the low attendance and why there may be a larger cause for concern. The merry band of nerds and nerdettes went through some fall-inspired quick hits all the while giving due credit to CISA for their bevy of resources to include the latest series: De-Escalation Series for Critical Infrastructure Owners and Operators (www.cisa.gov/publication/de-escalation-series). Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; email: firstname.lastname@example.org Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
September 28, 2021
The Gate 15 Interview EP 15. Mark Arena, Intel 471, Cyber Intelligence Expert and CEO, Intel 471
In this episode of The Gate 15 Interview, Andy Jabbour talks with Mark Arena, CEO, Intel 471. In the discussion we address: Mark’s background Intel 471 Cyber threats Future threats And more! “It all goes down to password reuse… enforce two-factor authentication on everything…” – Mark Arena Mark on Twitter: @markarenaau. Mark on LinkedIn. https://www.linkedin.com/in/mark-arena-36a86516/ Intel471 on Twitter: @Intel471Inc. Intel471 on LinkedIn. https://www.linkedin.com/company/intel-471/ A few references mentioned in or relevant to our discussion include: Intel 471: https://intel471.com Intel 471’s Cyber Underground General Intelligence Requirements Handbook. https://intel471.com/resources/cu-girh-download-request Upcoming Intel 471 video podcast! Intel 471 CTI experts will examine recent developments in the cyber underground through the lens of the media & telecommunications sector. Check it out: 28 Sep 2021, 11am (see registration link for time zone options). Register here: https://hubs.la/H0WW0Gn0. Top FBI official says there is 'no indication' Russia has taken action against hackers, The Hill, 14 Sep 2021. (https://thehill.com/policy/cybersecurity/572184-top-fbi-official-says-there-is-no-indication-russia-has-taken-action) “Based on what we’ve seen, I would say there is no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment that they have created there… We’ve asked for help and cooperation with those who we know are in Russia who we have indictments against, and we’ve seen no action, so I would say that nothing’s changed in that regard,” - FBI Deputy Director Paul Abbate, via The Hill Russia is fully capable of shutting down cybercrime, CSO Online, 14 Sep 2021. (https://www.csoonline.com/article/3632943/russia-is-fully-capable-of-shutting-down-cybercrime.html) Australian Cyber Security Centre Essential Eight. (https://www.cyber.gov.au/acsc/view-all-content/essential-eight) “While no set of mitigation strategies are guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.” Thoma Bravo Makes Strategic Investment in Intel 471 Announcement, 08 Sep 2021. (https://intel471.com/company/press-releases/thoma-bravo-makes-strategic-investment-in-intel-471)
September 20, 2021
TCE EP13 - Prattling on About Patching on this Podcast Party of One
Your favorite cybersecurity evangelist waxes solo and prattles on about patching in this no frills episode of TCE.
September 16, 2021
The Risk Roundtable: EP 22. Acronym Soup
Security awareness months kick into high gear and the Risk Roundtable crew gives their thoughts on the various ones (NPM, NITAM, NCAM, XYZPDQ...) and the heart of each one - Preparedness and Awareness! The group then talks about some of the ongoing protest activities and look ahead to some upcoming events including the "Justice for J6" event. Continuing the preparedness theme, and switching to the Roulette Round the roundtable turned to everyone's favorite security researcher - Troy Hunt and him living his best life while making everyone aware of their risks as well as a lively debate on passwords. Toss in some comments about weather preparedness and whatever Andy wanted to go off on and the group wrapped up with some fun (even questionable) questions. Still not sure why everyone shutters at green holidays. Some of the references from the discussion: National Preparedness Month | Ready.gov: https://www.ready.gov/september National Insider Threat Awareness Month: https://www.odni.gov/index.php/ncsc-features/2834 Press Briefing by Press Secretary Jen Psaki and Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger, September 2, 2021: https://www.whitehouse.gov/briefing-room/statements-releases/2021/09/02/press-briefing[…]-and-emerging-technologies-anne-neuberger-september-2-2021/ The White House Memo to Industry on Ransomware: Take Action (Now): https://gate15.global/the-white-house-memo-to-industry-on-ransomware-take-action-now/ Stuff Off Search | CISA: https://www.cisa.gov/publication/stuff-off-search www.cisa.gov/sites/default/files/publications/Assets_Showing_Primer_508c.pdf Troy Hunt Montage: https://www.pentestpartners.com/security-blog/from-open-guest-wi-fi-to-pwning-a-lift/ https://abbreviations.yourdictionary.com/reference/abbreviations/what-is-an-initialism.html https://www.troyhunt.com https://haveibeenpwned.com https://www.youtube.com/watch?v=N_y8B-tmDM0 TroyHunt from BlackHat Asia Lessons from 11 Billion Breached Records (edited) https://twitter.com/rhowe212/status/1433308481214369797 https://youtu.be/N_y8B-tmDM0 https://www.ncsc.gov.uk/news/ncsc-lifts-lid-on-three-random-words-password-logic James DeMeo - What's Your Plan? https://jamesademeo.com
September 07, 2021
The Gate 15 Interview EP 14. Amanda Mason, Vice President, Intelligence, Related Companies, discusses security, info sharing, terrorism, extremism, 9/11, and more.
In this episode of The Gate 15 Interview, Andy Jabbour talks with Amanda Mason, Vice President, Intelligence, Related Companies. “Our passion for urban life could not be any stronger. We are committed to moving our communities forward and enriching people’s lives.” - Stephen M. Ross, Chairman & Founder. Amanda on LinkedIn. In the discussion we address: Amanda’s background Amanda’s current responsibilities at Related Companies COVID and safe and secure operations and reopening The recent National Terrorism Advisory System Bulletin, Afghanistan and associated concerns Terrorism, extremism, and the upcoming 20th anniversary of the 9/11 attacks And more! Please enjoy this episode of The Gate 15 Interview podcast on Anchor, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts. “We can’t necessarily predict, but we can prepare.” A few references mentioned in or relevant to our discussion include: Learn more about Related! https://www.related.com New York Post, Real estate giant Related Cos. to require all employees to get vaccinated (02 Aug 2021) National Terrorism Advisory System (NTAS) Bulletin (13 Aug 2021) DHS CISA: MIS, DIS, Malinformation DHS CISA: Countering Disinformation In Social Media video DHS FEMA: Homeland Security Exercise and Evaluation Program DHS FEMA: ICS Resource Center “We have to do our tabletop exercises… we have to think of the worst case scenario.” “I can’t believe that I get to protect a landmark asset in NYC.” The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues. Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Anchor, Apple, Spotify, Google, as well as other locations accessible from the Anchor link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes: The Risk Roundtable, is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally. The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics. The Gate 15 Interview, is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues. We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Twitter, LinkedIn or via email at: podcast@ga
August 23, 2021
Nerd Out Security Panel Discussion: EP 16. Terrorism, NTAS, Misinformation, COVID, and the end credits!
After a a busy couple of weeks, the merry band of Nerdies gathered to discuss the latest news on the terrorism and extremist front and how misinformation has shaped so much of these advanced. The group started with Bridget’s reporting of a new Al Qaeda message, which was followed with press reports extremist chatter and then the he National Terrorism Alert System Bulletin. These all gave the group an opportunity to talk to the risks to various locations, especially venues and the Commercial Facilities Sector. Next, the group transitioned to mis-information and how integral it was to both terrorist groups as well as domestic violent extremism. COVID dominated the last part of the discussion with Bridget sharing her personal story and loss before the group went through a rapid fire set of questions! But just like our favorite band of super-heroes, stay for the end credits and you might here about killer mosquitos. Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; email: firstname.lastname@example.org Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
August 18, 2021
The Risk Roundtable: EP 22. Who's the Nerd Now?
The discussions were lively on the latest edition of the Risk Roundtable as Jen showed off her inner nerd! With Andy nursing an injury, Dave and Jen took off on topics ranging from the latest White House memos on improving critical infrastructure to the troubling trends on COVID and what it all means for businesses and organizations. In the roulette round (Dave is on a 2 pod winning streak with the theme music) the roundtable talked about some all-hazards and preparedness for the upcoming religious holidays before Jen "nerded out" on various reports on new CVEs and displayed a very nerdy t-shirt to boot! Andy got his strength back for his three questions where Dave revealed his disgust over some veggies and lack of love for a historic band! Some of the links mentioned in the podcast included: National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems: https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improving-cybersecurity-for-critical-infrastructure-control-systems/ Background Press Call on Improving Cybersecurity of U.S. Critical Infrastructure: https://www.whitehouse.gov/briefing-room/press-briefings/2021/07/28/background-press-call-on-improving-cybersecurity-of-u-s-critical-infrastructure/ FACT SHEET: Biden Administration Announces Further Actions to Protect U.S. Critical Infrastructure: https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/fact-sheet-biden-administration-announces-further-actions-to-protect-u-s-critical-infrastructure/ 2021 CWE Top 25 Most Dangerous Software Weaknesses: https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html Joint Cybersecurity Advisory: Top Routinely Exploited Vulnerabilities: https://us-cert.cisa.gov/sites/default/files/publications/AA21-209A_Joint%20CSA_Top%20Routinely%20Exploited%20Vulnerabilities.pdf Bridget Johnson's COVID Article: https://www.hstoday.us/subject-matter-areas/pandemic-biohazard/covid-19-a-plea-to-learn-from-those-who-have-suffered-and-lost/
August 03, 2021
The Gate 15 Interview EP 13. Peter Ashwin - Risk and Security Expert, and Original International MoM
In this episode of The Gate 15 Interview, Andy Jabbour talks with Peter Ashwin, the principal and founder of Event Risk Management Solutions (ERMS), a consulting practice committed to enabling event organizers to meet the challenges of today’s volatile and uncertain world. Peter is recognized as an innovative, industry leader for the design and implementation of event security and risk management solutions to support event organizing committees and their public and private security partners deliver safe and secure, world class event experiences within complex, multi-agency environments. He is a former Australian Army special forces officer who now calls Montreal, home. Peter on LinkedIn. In the discussion we address: Peter’s background The Olympics and major event security and risk management The current threat and risk landscape Event and venue security and best practices And more!
July 26, 2021
Nerd Out Security Panel Discussion: EP 15. Let’s talk about Health!
In the latest episode of Nerd Out, Dave is joined by everyone’s favorite Crimson Tide enthusiast - Jon Crosson. Jon is the Director of Critical Infrastructure – Vital Services for Gate 15.Jon currently supports the Health Information Sharing and Analysis Center (H-ISAC) as the Director, Special Interest Group Services. H-ISAC is a non-profit organization that is dedicated to protecting the healthcare and public health sector from physical and cyber attacks and incidents through dissemination of trusted and timely information. In the episode, Jon looks at the current security threats facing the health sector and healthcare organizations to include the impact that COVID has had, as well as the battle against mis/disinformation. Dave and Jon then look back at some of Jon's background and how he got in position to be a trusted partner in the community. And finally, turning to one of Jon's true loves, Dave and Jon talk about the upcoming college football season and the outlet for the Crimson Tide. Prior to Gate 15, Jon was a senior operations specialist and project manager for Battelle Memorial Institute. Jon held various positions supporting the Department of Defense (DOD), Department of Homeland Security (DHS) and the U.S. Nuclear Regulatory Commission.Jon served in the U.S. Army as a Field Artillery Officer from 1999-2003. He is a member of InfraGard and a graduate of the FBI Citizens’ Academy. Links to Training referenced by Jon in the pod: FEMA Emergency Management Institute (EMI) Independent Study Course List
July 20, 2021
The Cybersecurity Evangelist: EP 12 – Cyber isn’t Scary, it’s Necessary
On episode 12 of The Cybersecurity Evangelist (TCE) podcast, I chat with a couple of Baby Boomers with varied perspectives of cybersecurity as I take TCE back to its roots – as the cybersecurity podcast for everyone. Ed Heyman (@El_Grillo1) and a mystery guest to talk about “The Great Bewilderment.” We also discuss why boomers are the generation most likely to take privacy and security seriously, and what bare minimum level of cyber awareness everyone should maintain. Resources mentioned in this episode (along with other relevant posts not mentioned): The Social Dilemma – The technology that connects us also controls us. (Netflix original film) Survey finds massive gap in awareness of cyberattacks (Summary of survey by Armis, published on ZDNet) Protecting a New Vulnerable Population on the Internet (@Bob Covello – Tripwire) Protecting the New Most Vulnerable Population – The Grandparent Scam (@Bob Covello – Tripwire) Protecting the New Most Vulnerable Population – Subscription Scams (@Bob Covello – Tripwire) Protecting Your Online Privacy: Three Levels of Security (Tripwire) Security Awareness Tip of The Day (SANS)
July 14, 2021
The Risk Roundtable: EP 21. Ransomware and Terrorism - they never seem to go away.
The Risk Roundtable crew gathers after a long weekend and talks about the latest ransomware and terrorism news not to mention the discussion about the governments decision to release classified information.
July 07, 2021
Nerd Out Security Panel Discussion: EP 14. Reports Galore!
In the latest episode of Nerd Out, Dave is joined by some old friends, Joe and Bridget, while they welcome in Amanda Mason to the panel where they discuss the latest series of reports from the FBI, the U.S. Senate, and from across the pond and the Manchester Arena bombing inquiry. They discuss the value of these type of reports, and the lessons that can be learned from the observations. Amanda then shares some of the insight from the January 6th incident from a first-hand view of the situation as it unfolded. After going through the reports and calling out some of the challenges highlighted the panel goes through a rapid fire session with questions ranging from security trends, ransomware (sorry Jen), and what the panel is reading or watching. The reports discussed include: Active Shooter Incidents 20-Year Review, 2000-2019 Examining the U.S. Capitol Attack: A Review of the Security, Planning, and Response Failures of January 6 Manchester Arena Inquiry Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; email: firstname.lastname@example.org Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ Amanda Mason is currently serving as the Vice President of Intelligence for the Related Companies. Her role is to integrate information from various sources and bridge the gap of cyber threats, national security, local law enforcement, physical security and business intelligence. In her role, she provides threat information and solutions to the various subsidiaries under Related, which include Real Estate, Infrastructure, Manufacturing, Hospitality, and International Finance. She is also a reservist currently serving as the Director of Intelligence for the District of Columbia, Air National Guard. With over 24 years of service, Amanda has held various positions in the Intelligence and Special Operations Communities.
July 06, 2021
The Risk Roundtable: EP 20. The latest security news delivered without remorse.
The Risk Roundtable crew jumps into summer with a new episode focused on some of the latest security news. Kicking off the episode, the team looks at the latest FBI report on Active Shooters (Active Shooter Incidents 20-Year Review, 2000-2019) and how organizations can integrate this information into their security planning and preparedness. Then they switch over to talk about a threat that grows stronger each month - Ransomware. Jen breaks down the latest ransomware activity and reminds organizations to not go at it alone! Then while Dave is dancing on mute, the risk roulette goes into some topics about opting out of some services that may feel forced, and the upcoming summer season (Fourth of July) and the security precautions organizations need to remember when planning events. Andy then wraps up the episode sharing how much he loved a certain movie that was Dave's favorite book of all time. Dave might have had something....or three minutes....to say something about it. Some references from the episode: Beer, cheese, fuel, and now meat. What’s next? - Armis Amazon to share your Internet with neighbors on Tuesday - How to opt out Gate 15 HEPS FBI Active Shooter Resources A Study of the Pre-Attack Behaviors of Active Shooters in the United States Between 2000 and 2013 What’s Your Plan? Additional Links: https://blog.malwarebytes.com/malwarebytes-news/2021/06/ransomware-to-be-investigated-like-terrorism/ https://www.theguardian.com/us-news/2021/jun/04/fbi-christopher-wray-cyberattacks-9-11 https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/ https://gate15.global/the-gate-15-interview-ransomware-running-rampant/ And more.... can be found on the Gate 15 Website blog posts: https://gate15.global/blog/
July 06, 2021
The Cybersecurity Evangelist: EP 11 – The ISAC Series – Tribal-ISAC
My final ISAC segment for TCE was a great discussion with two Steering Committee Members from Tribal-ISAC. Bill Travitz – Director, Office of Information Technology, Eastern Band of Cherokee Indians, and Lee Edberg - IT Cybersecurity Manager for Mystic Lake Casino Hotel, Shakopee Mdewakanton Sioux Community. The overall theme of this episode, and the ISAC series in general - We are stronger together! As Lee said, there is invaluable power in numbers with more tribes fighting the threat landscape together; get involved, get to a meeting, and contribute! Similarly for Bill, it’s about being a good neighbor, and that is a value that tribes already have! We all learn from one another. Tribal-ISAC is open to membership for Native American and Alaskan Native tribal government, operations, and enterprises. Resources discussed in this episode: TribalHub TribalNet Conference Tribal ISAC MS-ISAC(Multi-State Information Sharing & Analysis Center)
June 16, 2021
The Gate 15 Interview EP 12. Bryan Ware: Analytics Geek, Emerging Technologies Expert
In this episode of The Gate 15 Interview, Andy Jabbour talks with Bryan Ware, founder and CEO of Next5 (next5.co), a technology-focused business intelligence and strategic advisory firm. In addition to being a successful entrepreneur, Bryan is a self-described “analytics geek” and emerging technologies expert. He has formerly served as the CEO at Haystax Technology and more recently served at DHS Cybersecurity and Infrastructure Security Agency (CISA) as the Assistant Director for the Cybersecurity Division. Bryan on Twitter (@bsware). Bryan on LinkedIn. In the discussion we address: Bryan’s background and his experience in the private sector and at DHS’s Cybersecurity and Infrastructure Security Agency (CISA) His new project, Next5 Critical and emerging technology and associated concerns Geopolitical and other security challenges Find out what Bryan means when he says “I believe in Liquid Diplomacy?” Here his call to service And more! “I’m most passionate about the critical and emerging technologies that are emerging now and will be most important to our lives, economies, and national security 5+ years from now” Bryan Ware A few references mentioned in or relevant to our discussion include: We discussed Bryan’s new company, Next5. From the website, “Next5 helps leading companies develop, acquire and protect the game-changing technologies of the future. Our research provides a current and expert perspective on critical emerging technologies, global supply chains, and geo-political and economic factors that shape opportunities and risks.” See more, including the Next 5 Technology Matrix, from the link above. Bryan mentioned the quote “software is eating the world,” stated by Marc Andreessen. Read more on that in the Wall Street Journal, Why Software Is Eating The World (20 Aug 2011). We mentioned the Five Eyes partnership, which is the intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. You can read a little about that from the Office of the Director of National Intelligence, here, or on Wikipedia.
May 24, 2021
Nerd Out Security Panel Discussion: EP 13. Cannabis ISAO!
In the latest episode of Nerd Out, Dave welcomes in Ben Taylor, Executive Director of the Cannabis Information Sharing and Analysis Organization (ISAO). Their conversation looked at the evolution of the industry and the needs that an ISAO can provide to help those in the ever-growing Cannabis industry look at threats and develop strategies to protect their customers and organizations. Ben talked through the announcement of the ISAO and the next steps including offerings on their website and social media platforms. Dave and Ben also looked at the challenges that ISAOs face in getting attention and gaining members, but highlighted the value that they bring and the value of information sharing to the overall strength of the industry. To learn more about Cannabis ISAO, visit their website: https://cannabisisao.org or check out their social media accounts. Twitter: @CannabisISAO and LinkedIn: @CannabisISAO Ben Taylor is the Executive Director of the Cannabis-ISAO. Ben also serves as a Risk Analyst to several Information Sharing & Analysis Centers, and has previous security and operations experience as an Army Officer as well as working through the Department of Homeland Security’s Office of Infrastructure Protection. Ben has also spent several years in marketing and partner development roles within the tourism industry, to include working to promote Cannabis tourism in Oakland, California.
May 18, 2021
The Cybersecurity Evangelist: EP 10 – The ISAC Series, REN-ISAC (Part 2)
TCE continues the chat with REN-ISAC’s Krysten Stevens and Brett Zupan. On this episode: We emphasize the importance of relationship building among higher ed and relevant community resources. Discuss the wide and varied landscape of higher ed and research community. We jump up on our soapboxes about how cyber is a cost of doing business, and not “if” but “when” you become a cyber attack victim. We chat REN-ISAC services, such as Security Event System (SES), Peer Assessment Service, and Workshops (again). Krysten brilliantly reminds us of the “trust community” that the ISACs represent. Brett sucks up to Krysten with a nod to the technical operations team; and of course, Krysten couldn’t help but brag on her team too! As it should be. ;-) Brett rounds out our discussion with a masterful shout out to the NCI (National Council of ISACs). REN-ISAC Resources discussed on this episode: Peer Assessment Service - https://www.ren-isac.net/public-resources/pas/index.html Workshops - https://www.ren-isac.net/public-resources/workshops/index.html Security Event System - https://www.ren-isac.net/member-resources/SES.html Our Trust Community - https://www.ren-isac.net/what-we-do/index.html
May 12, 2021
The Risk Roundtable: EP 19. What becomes of the miscreants?
A year ago, as the pandemic had taken hold around the world, there was a lot of confusion and uncertainty. And while threats were equally as susceptible to COVID, they ultimately rose to exploit the situation. Now that vaccines are being distributed and the world is slowly reopening, does this change the threat environment? The Risk Roundtable crew discusses this potential, as well as other security matters that individuals and organizations should be on guard for moving into the summer months. Then after the risk roulette discussion, complete with music (thanks Dave), Andy leads the gang in a "get to know you" series of questions. Scams: https://www.ftc.gov/coronavirus/scams-consumer-advice Combatting Ransomware: https://securityandtechnology.org/ransomwaretaskforce/report/
May 04, 2021
The Gate 15 Interview EP 11. Matt Mitchell, a Champion for Security and Privacy
In this episode of The Gate 15 Interview, Andy Jabbour talks with Matt Mitchell, “a hacker and Tech Fellow at The Ford Foundation. Matt is working with the BUILD and Technology and Society teams at Ford Foundation to develop digital security strategy, technical assistance offerings, and safety and security measures for the foundation’s grantee partners. Matt was recently named by WIRED magazine as one of the 25 ‘innovators who are using technology to lead society through this period of global uncertainty and pointing the way to a safer future.’ called the WIRED25.” In 2017, Matt was listed by VICE's MOTHERBOARD as a HUMAN OF THE YEAR, for his work protecting marginalized communities from surveillance. Read more about Matt in this Medium post. Photo by Nick Lee, via Medium. Matt on Twitter. Matt on LinkedIn. In the discussion we address: • Matt’s background • Current projects • Privacy as a right • Privacy as security • And more! “Backdoors… they don’t work…” – Matt Mitchell, in The Gate 15 Interview, recorded 21 Apr 2021 A few references mentioned in or relevant to our discussion include: • Matt Mitchell Is Arming Underserved Communities With Anti-Surveillance Tools, Vice, 14 Feb 2017 • Ford Foundation, BUILD • Ford Foundation, Cybersecurity Assessment Tool • Nigerian Tech Hub Update: It’s Funded, Built, Educating, and… by Ronnie Tokazowski, @iHeartMalware, 08 Apr 2021 • Can you fight BEC popularity in Nigeria by steering youth to legitimate IT jobs? by Catalin Cimpanu, @campuscodi, on The Record, by Recorded Future, @TheRecord_Media, 18 Apr 2021 • Zero Trust: Enable a remote workforce by embracing Zero Trust security, Micorsoft • William Coffee, NSA 2011 Hall of Honor Inductee, African American Honoree. “In April 1946, William D. Coffee was awarded the Commendation for Meritorious Civilian service for his wartime leadership in exploiting critical enciphered messages. During a time of harsh racial discrimination, he excelled and became the acting supervisor of a segregated office that made impressive contributions to the nation's cryptologic achievements.” • CryptoHarlem • Wikipedia: CryptoParty • On Bug Bounties: Google Project Zero will give a 30-day grace period before disclosing security issues, Kim Lyons, @SocialKimLy, The Verge, @verge, 17 Apr 2021 • The do’s and don’ts of bug bounty programs with Katie Moussouris (@k8em0), by Zack Whittaker, @zackwhittaker, TechCrunch, @TechCrunch, 07 Apr 2021 • Zack Whittaker@zackwhittaker / 3:15 PM EDT•April 7, 2021 • DON'T PANIC. Making Progress on the "Going Dark" Debate, The Berkman Center for Internet & Society at Harvard University "One: the companies want to surveil the people. Two: the organizations, the companies, don't have people's best interests at heart…" – Matt Mitchell, in Vice, 14 Feb 2017
April 26, 2021
Nerd Out Security Panel Discussion: EP 12. High Stress and U....2.
This month the panel is a party of one - Rob Yandow joins again to talk with Dave about high stress situations and preparedness. This is especially relevant given the reopenings and the latest hostile event situations. Rob goes into detail about the phsiology of fear, as well as how and why individuals respond to high stress situations the way they do. Using various examples, Rob hammers home the various stages in the survival arc - denial, deliberation, and decisive action. And most importantly, the podcast talks about the ways organizations can use this information to train and prepare to respond. Then Dave is joined by a special guest to talk about the greatest band ever. Rob Yandow is a security expert who is a former police officer and who works with the Faith-Based Information Sharing and Analysis Organization (FB-ISAO) and serves as the Co-Chair of their Business Resilience Group - website: https://faithbased-isao.org. Twitter: @RobYandow
April 20, 2021
The Cybersecurity Evangelist: EP 9 – The ISAC Series, Part 5 – REN-ISAC
Despite the razzing I got from the guys (David Pounder - host of the NerdOut! Security Panel Discussion, and Andy Jabbour - host of The Gate 15 Interview) during the last Risk Roundtable, the TCE ISAC Series continues!!! This time, REN-ISAC (Research & Education Networks Information Sharing & Analysis Center) joins me. REN-ISAC serves the higher education and research community by promoting cybersecurity operational protections and response. For this episode, I enjoyed a fun and lively chat with Krysten Stevens, “new” Director of Technical Operations, and Brett Zupan, Risk Analyst and DC Liaison. We talked about threats facing the research and higher education community and bragged on Kim Milford’s (REN-ISAC’s Executive Director) amazing vision in 2019 to execute a series of workshops that had colleges, universities, and relevant community partners, such as state/local health departments and law enforcement working together through an infectious disease scenario – a scenario the team thought might be going too far… Resources discussed on this episode: https://www.ren-isac.net https://gate15.global/the-gate-15-interview-from-blended-threats-to-pandemic-lessons-learned-a-candid-conversation-on-higher-education-security-and-resilience-with-ren-isacs-kim-milford/ https://www.ren-isac.net/public-resources/csirt.html https://www.ren-isac.net/public-resources/workshops/index.html https://www.caudit.edu.au/
April 12, 2021
The Risk Roundtable: EP 18. Security / Analytical Bias.
The Risk Roundtable crew looked at the increasingly important idea of security bias and security blindness. The group specifically looked at how bias in analysis can lead to security blindness and the minimization and exaggeration of threats. Within the analytical community it is important to note how bias exists in virtually everything and the team discussed ways in which bias could exist from the analyst, but also by those that receive the data. Andy, Jen and Dave discussed some of the root causes and how this can lead to and continue a cycle of misinformation and disinformation if not handled correctly. In fact, the more divisive our politics become, the more bias our media, the more people – politicians, the media, foreign governments, and others - fan the flames of division, the more challenging the role of the analyst can become. In the end, bias is a discussion that is encouraged to be had by all organizations to ensure they are accurately representing the threat and risk to the organization. Next the team looked at their roulette items (Dave even shared the theme song on demand!) reminding listeners of the Microsoft Exchange Vulnerability and to update their systems. In addition, as reopenings are occurring around the world in varying degrees, it is important that organizations review security plans and processes. Items highlighted in the Podcast: Health ISAC Spring Summit open to members and non-members: https://h-isac.org/summits/secured-in-paradise-spring-2021-summit/ Agenda: https://web.cvent.com/event/cd1e7b44-7e38-487b-bd1f-b4f39cc82a11/websitePage:645d57e4-75eb-4769-b2c0-f201a0bfc6ce Troy Hunt Confirmation Bias - and good read: https://www.troyhunt.com/lets-stop-the-5g-hysteria-understanding-hoaxes-and-disinformation-campaigns/ Additional information about the Microsoft Exchange Vulnerability: https://cyber.dhs.gov/ed/21-02/ https://us-cert.cisa.gov/ncas/alerts/aa21-062a FortiOS Vulnerability: https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios CISA Cybersecurity Directives and Implementation Guidance Site: us-cert.cisa.govus-cert.cisa.gov
April 06, 2021
The Gate 15 Interview EP 10. James Whalen, Technology and Cybersecurity Leadership
In this episode of The Gate 15 Interview, Andy Jabbour talks with James Whalen, SVP, Chief Information & Technology Officer, Boston Properties. In this podcast we address: Jim’s background Changes in facilities; changes in security Threats facing facilities and broader implications Security and collaboration And more! James Whalen: James Whalen serves as Senior Vice President, Chief Information & Technology Officer for Boston Properties where he is responsible for the direction and implementation of technology services and solutions. Prior to joining the Company in March 1998, he served as Vice President, Information Systems of Beacon Properties. He is a graduate of the University of Notre Dame and a recipient of the New York City Urban Fellowship. Mr. Whalen is a current trustee and past President of the Boston Chapter of the Society for Information Management (SIM) and serves on the Real Estate Cyber Consortium, Realcomm Advisory Council, Commercial Facilities Cyber Working Group, TechHire Boston and Boston Private Industry Council. LinkedIn. A few references mentioned in or relevant to our discussion include: · The Real Estate Information Sharing and Analysis Center (RE-ISAC). “The Real Estate Information Sharing and Analysis Center (RE-ISAC), a not-for-profit information sharing entity organized by The Real Estate Roundtable in February 2003, is a public-private partnership between the US commercial facilities sector and federal homeland security officials which serves as the primary conduit of terrorism, cyber and natural hazard warning and response information between the government and the commercial facilities sector.” · InfraGardNCR: Commercial Facilities Cyber Working Group (CCWG) · FBI IC3 Cyber Crime Report: FBI Releases the Internet Crime Complaint Center 2020 Internet Crime Report & PDF: 2020 Internet Crime Report, 17 Mar 21 · Palo Alto Networks: Highlights from the 2021 Unit 42 Ransomware Threat Report & Ransomware Threat Assessments: A Companion to the 2021 Unit 42 Ransomware Threat Report, 17 Mar 21 · Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150%, 04 Mar 21 · Realcomm Advisory Council
March 23, 2021
Nerd Out Security Panel Discussion: EP 11. Reopenings, Protests, and the future of Conspiracy
In the latest episode of Nerd Out, Dave and his merry band of nerdies, Bridget, Travis, and Joe, look at the latest news around the reopening and what organizations need to be on guard for as crowd sizes and capacity limits will test the ongoing health pandemic. Then the group looks at the way threat actors may respond. Will it be a target of opportunity or will new security measures be disruptive enough. Next, the panel looked at recent protests, and the potential for future protests (did people really forget about May Day!) and what ways they may change in a reopened world. Finally, what is the future of conspiracy theories and the movements that were charged over the past several years? The group then lightened it up a bit and went through some lightning round questions and discovered that the Snyder Cut really isn't a thing because no one particularly cared for it in the first place to even know it was a thing. Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; email: firstname.lastname@example.org Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Assistant Deputy Director, Critical Infrastructure Protection & Physical Security. Twitter: @dronin_on; email: firstname.lastname@example.org Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
March 16, 2021
The Cybersecurity Evangelist: EP 8 – The ISAC Series, Part 4 - Faith-Based ISAO
TCE welcomes Faith-Based ISAO Executive Director, Mayya Saab on this episode. And no, this isn't the "FBI" ISAO... ;-) Listen in to find out what Mayya loves most about her role and her heart's desire in helping the entire community of faith be secure and resilient. Check out FB-ISAO at https://faithbased-isao.org/
March 10, 2021
The Risk Roundtable: EP 17. Oldsmar, Conspiracy Theories, and Arnold Shirts
In the latest episode of the Risk Roundtable, Andy, Jen, and Dave look at some recent events (Oldsmar) while looking ahead to upcoming events that may present risks (Qanon, the George Floyd murder trial, and upcoming religious holidays) but only after talking about Andy's taste in shirts. Then in the risk roulette, which Dave forgot again to find music for (or did he), Dave wonders about weather preparedness is overhyped while Jen circles back to lessons learned from Solar Winds and the concept of "zero trust" - not in Andy and Dave but in terms of cybersecurity. The gang wraps up talking about some of their struggles and what they are watching. But that's not all - after the credits Dave may have redeemed himself with a new theme for the risk roulette. Some of the links from today's episode: YouTube: Treatment Plant Intrusion Press Conference, 08 Feb. WaterISAC: 15 Cybersecurity Fundamentals for Water and Wastewater Utilities Gate 15: Blended Threats: Did Florida’s Cyber Attack Whet Your Appetite for Better Preparedness and Security? NSA: NSA Issues Guidance on Zero Trust Security Model Forrester: Zero Trust Is Not A Security Solution; It’s A Strategy The Hacker News: SolarWinds Blame Intern for Weak Password That Led to Biggest Attack in 2020 Vice: QAnon Isn’t So Sure Trump Will Magically Become President Again on March 4 Ready.gov: Plan Ahead for Disasters
March 02, 2021
The Gate 15 Interview EP 9. Mark Herrera on Venues, Safety, and Security in 2021
In this episode of The Gate 15 Interview, Andy Jabbour talks with Mark Herrera, Director of Education for the International Association of Venue Managers (IAVM; @IAVMWHQ). In this podcast we discuss a range of issues from the pandemic’s impact to venues, to security and preparedness with broad applicability to all organizations - from venues to places of worship, and across events and facilities of all types. We discuss a wide range of issues from the impacts of COVID on venues and events, and what lies ahead in 2021, ideas on enhancing security through conflict management and professionalism, and lot more. Mark talks about the importance of “programming the mind through mental preparation” noting that, “the body will go where the mind has been, if the mind hasn’t been there the body will not follow.” Mark is always full of great quotes. Some are shared below; listen to the conversation for more great insight and Herrera-isms! In the discussion we address: Mark’s backstory IAVM The pandemic’s impact to venues Where the venue community is going in 2021 Resetting security and the physical threat environment Organizational and personal security best practices And more! Mark Herrera: Herrera is the Director of Education & Life Safety for the International Association of Venue Managers and recognized as one of the 25 most influential leaders in the meetings and event industry. As part of his duties, Mark teaches Situational Awareness-Mindset training aimed at giving venues the tools to be safer and more secure. The training emphasizes on Exceptional Focus, Performance, and Control in Extreme Situations and Risk Mitigation through Guest Services Interjection. In addition, as the Director of Education for IAVM, Herrera represents the Department of Homeland Security Office of Infrastructure Protection through the Public Assembly Facility Sub-Sector Council. For Mark’s complete bio, see below. Twitter: @IAVM_Herrera; LinkedIn; Instagram; Facebook. · IAVM on Twitter; LinkedIn; Instagram; Facebook. And learn about: · IAVM’s Academy for Venue Safety and Security · IAVM’s VenueConnect 2021, at the Georgia World Congress Center in Atlanta, 02-05 Aug 2021
February 22, 2021
Nerd Out Security Panel Discussion: EP 10. Singapore, Norway, Minnesota - what does it mean?
In the latest episode of Nerd Out, it was a five star day for Dave. First, you can hear him open up with his "Warrrrshington" versus President's Day poll (did you see what I did there), followed by the group getting into a discussion about behaviors and indicators of hostile events related to recent arrests and incidents in Singapore, Norway, and Minnesota, and the role that mental health plays a role into it. The team then looks at reporting such instances, before getting into the Florida Water breach and the ramifications as it highlights the various ways blended threats can have an impact to organizations. Unfortunately a real-time weather event prevented the group from getting into their lightning round (no pun intended considering the weather event), but not before Bridget was able to share her true feelings for a certain seven time Super Bowl winning quarterback. Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Assistant Deputy Director, Critical Infrastructure Protection & Physical Security. Twitter: @dronin_on; email: firstname.lastname@example.org Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
February 16, 2021
The Cybersecurity Evangelist: EP 7 - The ISAC Series, Part 3 - Real Estate ISAC
Dave "Quarter" Pounder, host of the famed NerdOut! Security Panel Discussion joins me on this episode of The Cybersecurity Evangelist. Dave and I talk about the Real Estate ISAC. And no, it's not just for real estate companies - although I may have dropped a hint in the opening commentary about TCE being a great sponsorship opportunity for Berkshire Hathaway/Warren Buffet... ;-) Wouldn't that be nice! Dave and I had fun talking about how RE-ISAC shares information about potential physical and cybersecurity threats and vulnerabilities to help protect commercial facilities and the people who use them. Visit https://www.reisac.org/ to learn more!
February 10, 2021
The Risk Roundtable: EP 16. Singapore, Emotet, and the Roulette.
After opening up about their love of Groundhog day, the holiday and movie, the Risk Roundtable gang gets into the meat of their security discussions around the latest arrest in Singapore (Hostile Events), upcoming significant events to factor into consideration, and the global takedown of Emotet (the malware, not a weird allusion to the Egyptian god). Then in the Risk Roulette, which Dave still does not have good music for, the group discussions if there is anything to consider when looking at the Robin Hood / Wall Street Bets activity last week and the Capitol Hill riot, as well as the lingering effects of Solar Winds. The gang wraps it all up with some personal preferences before Andy tries to convince himself the Lions are still a football team. Some of the links referenced in the show include: EMOTET: https://www.justice.gov/opa/pr/emotet-botnet-disrupted-international-cyber-operation https://www.eurojust.europa.eu/worlds-most-dangerous-malware-emotet-disrupted-through-global-action https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/emotet-botnet-takedown-what-you-need-to-know/ https://www.bleepingcomputer.com/news/security/fonix-ransomware-shuts-down-and-releases-master-decryption-key/ “Why Joe Biden Can’t Bring His Peloton to the White House” – Popular Mechanics (https://www.popularmechanics.com/technology/security/a35190713/joe-biden-peloton-white-house-security-risk/) Is Joe Biden’s Peloton a cybersecurity risk? Don’t sweat about it - Graham Cluley (https://grahamcluley.com/is-joe-bidens-peloton-a-cybersecurity-risk-dont-sweat-about-it/)
February 02, 2021
Nerd Out Security Panel Discussion: EP 9. Moving forward from Inauguration.
In the latest Nerd Out podcast, Bridget, Joe and Travis join Dave to discuss the continued fallout from the 06 January events at Capitol Hill and what it means post-Inauguration. Here's a hint, we still need to be prepared for domestic terror groups and how they may spin events for their benefit. The group then looks at what 06 January means from a security perspective moving forward and what lessons can be learned. Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Assistant Deputy Director, Critical Infrastructure Protection & Physical Security. Twitter: @dronin_on; email: firstname.lastname@example.org Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
January 27, 2021
The Gate 15 Interview EP 8. A discussion with Advanced Intelligence Chairman and CEO Vitali Kremez
In this episode of The Gate 15 Interview, Andy Jabbour talks with Vitali Kremez, the Chairman & CEO at Advanced Intelligence. In this podcast we discuss a lot of areas – from Vitali’s fascinating background, guitar playing, and journey to the United States, security issues, emerging and enduring threats and best practices, the evolving challenge of blended threats and convergence, and much, much more. A few relevant links to our podcast include: Advanced Intelligence Advanced Intelligence, Twitter: @IntelAdvanced VK Intel: Digital Forensics & Incident Response Twitter: @vk_dfir Bellingcat: Global Investigative Journalism Network The Citizen Lab AdvIntel & HYAS: Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders, 06 Jan 21. AdvIntel & Eclypsium: Persist, Brick, Profit -TrickBot Offers New “TrickBoot” UEFI-Focused Functionality, 09 Dec 20. AdvIntel: Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike, 06 Nov 20. DHS CISA Reduce the Risk of Ransomware, 21 Jan: “The Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign today, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.” Read more. Convergence: The Cybersecurity and Infrastructure Security Convergence Action Guide describes the complex threat environment created by increasingly interconnected cyber-physical systems, and the impacts that this interconnectivity has on an organization’s cybersecurity and physical security functions. It also provides information that organizations can consider to adopt a holistic cyber-physical security approach through a flexible framework. Read more. PDF. And if you want to find out more about blended threats and convergence, check out some of our recent blog posts, including: Blended Threat Implications from Bombings like Nashville The Pandemic’s Blended Threats Impact to Healthcare Blended Threats: When Ransomware Kills… Blended Threats: That Time When Ransomware Shut Down Border Security… Blended Threats: Holding Buildings Hostage
January 25, 2021
The Cybersecurity Evangelist: EP6 - The ISAC Series, Part 2
This month, The Cybersecurity Evangelist talks with WaterISAC's Director of Preparedness and Response, Chuck Egli. The conversation ran a little longer than I like to aim for, but it's understandable given that Chuck and I work closely together in support of WaterISAC. Plus, with WaterISAC being one of the oldest ISACs, I'm quite certain they've earned the extra spotlight! After a much longer than normal opening comment (I sense a trend here) running down a list of many of the ISACs - (most of) which you can find on The National Council of ISAC's webpage at https://www.nationalisacs.org/member-isacs - Chuck and I talk about all the ways WaterISAC supports the security and resilience of the water and wastewater sector with an all-hazards approach (not just cyber). Chuck's parting thoughts: Look into your ISAC community or ISAO…there is one for you!! While many have membership models, so many of them offer information and assistance for the benefit of all toward the greater global good. For more information about WaterISAC, check out its webpage at https://www.waterisac.org/
January 12, 2021
The Risk Roundtable: EP 15. Nashville, Solar Winds and more!
The Risk Roundtable gang kicks off 2021 with two events that ended 2020 - the Christmas Day bombing in Nashville and the Solar Winds cyber event. Andy, Jen and Dave go through the incidents and look at the responses in each instance as well as what may come of it moving forward in 2021 though maybe no lizard people (Shoutout to "V"!). Then in the Roundtable Roulette, Dave brings up how to deal with dis/misinformation while Jen reminds everyone that new year doesn't mean that we can forget about our stable of cyber threats, most notably Ransomware which continued to evolve throughout the year. Finally, with it being a new year, the gang looked at personal and professional goals such as Dave's desire to read more, Jen completing her "she-shed" and Andy's desire to be more like Dave. Andy's reference to Russian Hacking: https://www.nytimes.com/2021/01/02/us/politics/russian-hacking-government.html
January 04, 2021
The Gate 15 Interview EP 7. A look at 2020, security, and the media with Runa Sandvik and Brad Barkett
In this episode of The Gate 15 Interview, Andy Jabbour enjoys a really fun talk with Runa Sandvik and Brad Barkett, two security veterans both with considerable experience working to secure media at some of America’s most well-known papers. In this podcast we discuss: 2020 and the cyber threat environment The threats facing media today The role of media in security What we might anticipate in the new year Among other topics! Runa and Brad share some candid perspective, and a few fun tidbits about themselves in this year-end discussion on the cyber threat environment, security issues, and the media. Please enjoy this episode of The Gate 15 Interview on Anchor, Apple, Spotify, as well as other locations. Runa Sandvik: Runa is a senior security researcher with years of experience in security and information sharing. Today, Runa works on digital security for journalists and other high-risk people. Her work builds upon experience from her time at The New York Times, Freedom of the Press Foundation, and The Tor Project. She is a board member of the Norwegian Online News Association, and tweets as @runasand. Brad Barkett: Brad a 20 year security veteran, and has been working as a security architect for the Washington Post since 2015, with a background in telecoms, MSS, IDS, DDOS, firewalls, proxies. Currently , Brad has a preference for social topics like cyber anti-personnel, disinfo, OSINT, threat intel, social psychology, and social engineering. Long standing hobby interests include synthesis and electronic music, and more recently, being a relatively middling 40+ amateur folkstyle wrestler and nogi jiu-jitsu player. Brad has two brothers, Mike and JJ, who are also security professionals. A few references mentioned in our discussion include: · Ford Foundation Cybersecurity Assessment Tool. · Freedom of the Press Foundation · A new report from the Freedom of the Press Foundation: A record breaking number of journalists arrested in the U.S. this year · Updating how we think about security, INFILTRATE 2018, by Matt Tait
December 28, 2020
Nerd Out! Security Panel Discussion: EP 8. Looking back to look forward and holiday goodies!
In this year end Nerd Out Security Panel Discussion podcast, the gang takes a look at the events of 2020 and the impacts they had on individuals and organizations and attempted to pull out lessons to be learned as we get ready to kick off 2021. But before digging into the topics, Bridget shared some personal news related to the impacts of COVID. The group then built upon Bridget's moving account and discussed that while COVID obviously dominated the news, there were other security issues that caused disruptions and may have gone overlooked - or maybe not. The discussion then took a detour and went into some lighter, jovial discussions around food choices around the perfect holiday meal, the team passes out some security resolutions and reminders to focus on in the hope of starting 2021 on a better foot. Thanks to all the listeners and followers - 2020 gave us the opportunity to kick off this podcast channel and we look to keep security at the forefront of these discussions in 2021 and beyond! Happy holidays! Bridget's article can be found here: https://www.hstoday.us/subject-matter-areas/emergency-preparedness/my-mom-died-of-covid-19-and-disinformation-was-the-virus-accomplice/ Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Assistant Deputy Director, Critical Infrastructure Protection & Physical Security. Twitter: @dronin_on; email: firstname.lastname@example.org Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
December 22, 2020
The Risk Roundtable: EP 14. What security incident won the year?
Wrapping up a wild 2020, the Risk Roundtable crew looks at the security event or incident that took home the prize of most impactful. And no, COVID was not allowed! Was it "truth decay", domestic terrorism, ransomware, or any number of other incidents? The only thing that could be determined was that Dave was not getting any points for his submission. Then the gang played a little Roundtable Roulette and shared some of the areas that they would be looking at moving forward while also recognizing the courage of their teammate Bridget Johnson, who recently wrote about the passing of her mother from COVID (https://www.hstoday.us/subject-matter-areas/emergency-preparedness/my-mom-died-of-covid-19-and-disinformation-was-the-virus-accomplice/). Also discussed were security situations around the vaccine dissemination and holiday shopping scams....fa-la-la-la-oh no! References brought up in the show: Coveware: Ransomware Recovery First Responders. Q3 Ransomware Demands rise: Maze Sunsets & Ryuk Returns My Mom Died of COVID-19, and Disinformation Was the Virus’ Accomplice, December 3, 2020 Bridget Johnson // https://www.hstoday.us/subject-matter-areas/emergency-preparedness/my-mom-died-of-covid-19-and-disinformation-was-the-virus-accomplice/ use a quote. COVID vaccines… WSJ Your Boss Can Restrict Your Holiday Plans in the Pandemic, https://www.wsj.com/articles/your-boss-can-restrict-your-holiday-plans-in-the-pandemic-11607301504 06 dec. Shopping scams… Jen’s fa-la-la post… Security Awareness – ’Tis the Season to be Scammy, Fa-la-la-la-la… 20 November 2020, https://faithbased-isao.org/security-awareness-tis-the-season-to-be-scammy-fa-la-la-la-la Rand: https://www.rand.org/pubs/research_reports/RR2314.html Gate 15 SUN: https://paper.li/gate15#/ - cold calls Thank you all for listening this year and we are excited to continue bringing up security matters and how they may impact organizations in 2021! We hope you all have a happy holidays and enjoy the time however you choose to celebrate. Stay safe!
December 08, 2020
The Gate 15 Interview EP 6. From Blended Threats to Pandemic Lessons Learned with REN-ISAC’s Kim Milford
In this episode of The Gate 15 Interview, Andy Jabbour talks with Kim Milford, the Executive Director of the Research and Education Network Information Sharing and Analysis Center (REN-ISAC) which is focused on aiding and promoting operational protection and response within the research and higher education (R&E) communities. In this podcast we discuss: • REN-ISAC, higher education and critical infrastructure • The higher education threat landscape • REN-ISAC Blended Threat Workshops • Higher ed security coordination • COVID-19 lessons learned • Emerging concerns for higher ed and critical infrastructure • And more! Kim Milford serves as Executive Director of the REN-ISAC, working with research and education institutions, partners, and sponsors to provide services and information that allow member institutions to better defend technical environments from cyberthreats. Ms. Milford oversees administration and operations for the REN-ISAC. Ms. Milford served in several roles leading strategic IT initiatives since 2007 at Indiana University. Read more. Twitter REN-ISAC: “The Research and Education Networks Information Sharing and Analysis Center (REN-ISAC) serves over 650 member institutions within the higher education and research community by promoting cybersecurity operational protections and response. REN-ISAC member institutions benefit from Security Event System (SES) threat intelligence and other automated data collection and sharing tools to enable informed decisions about threats and events, as well as peer assessment services to improve the institution’s overall security posture.” Read more. Twitter. Find out more about REN-ISAC, and access some of the items mentioned in our discussion below: REN-ISAC REN-ISAC: Higher Education Enterprise Risk Management Leadership, 06 March 2018 Security Spotlight: An Interview with REN-ISAC Executive Director, Kim Milford, 11 Jun 2018 REN-ISAC Workshops 2019 REN-ISAC Blended Threats Workshops: Read 2019 Report & Read 2019 Report Brief 2018 REN-ISAC Blended Threats Workshops: 2018 Final Findings Report & 2018 Final Findings Report Brief BT workshop pages, reports. Gate 15: Webinar Recording: Getting Started Now: Pandemic Preparedness After-Action Reports, 17 April 2020 Gate 15: Pandemic Preparedness: Start Your After-Action Report & Improvement Planning (NOW) 26 May 2020
November 23, 2020
Nerd Out! Security Panel Discussion: EP 7. Protests, Terrorism, Holidays and love for Chris Krebs!
In the latest episode of the Nerd Out Security Panel Discussion podcast the gang reviews the election and what didn't happen and how lessons can be learned from that as well as looking at the current state of protests and how faith-based organizations have been on the front lines of support as well as taking up action. Then the panel looks at the current terrorism threat and how that could impact the upcoming holiday season for stores as well as faith-based organizations. In the lightning round, the panel shares pays tribute to the OG Chris Krebs for his handling of the election and dis/misinformation, as well as tackle other topics. Security expert Rob Yandow joins host Dave Pounder, Bridget Johnson and Joe Levy this month! Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Rob Yandow is a security expert who is a former police officer and who works with the Faith-Based Information Sharing and Analysis Organization (FB-ISAO) and serves as the Co-Chair of their Business Resilience Group - website: https://faithbased-isao.org. Twitter: @RobYandow Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
November 17, 2020
The Cybersecurity Evangelist: EP 5 – The ISAC Edition, Part 1 (for Infrastructure Security Month)
For this November episode of TCE I’ve decided to take on National Critical Infrastructure Security and Resilience Month, Critical Infrastructure Security and Resilience Month, Critical Infrastructure Month, Infrastructure Security Month, whew! Actually, I’ve been almost as overwhelmed with responses from people wanting to be a part of this edition as I am with the litany of names given to this critical observance. That said, this edition/theme is likely to be in three or four parts so we can evangelize as many ISAC’s (and ISAO’s) as we can! During this episode we get the ISAC party started with discussions from DNG-ISAC and MM-ISAC! Links to resources and organizations mentioned in this episode: Infrastructure Security Month https://www.cisa.gov/ismonth Critical Infrastructure Sectors https://www.cisa.gov/critical-infrastructure-sectors National Council of ISACs, list of member ISACs https://www.nationalisacs.org/member-isacs Downstream Natural Gas ISAC https://www.dngisac.com/ The Social Dilemma film https://www.thesocialdilemma.com/ Mining & Metals ISAC http://www.mmisac.org/ Perch Security https://perchsecurity.com/
November 10, 2020
The Risk Roundtable: EP 13. Finally, Critical Infrastructure has come back to RR!
At long last, and after countless suggestions, the team channels their inner "Rock" and brings Critical Infrastructure back to the Risk Roundtable. After discussing Critical Infrastructure Security and Resilience Month and some of the key threats facing critical infrastructures. Andy then guides the team through some quick hits including Jorhena's appreciation for November also serving as Gratitude Month, or Dave Pounder Appreciation Month, Dave encouraging us to consider Security Mindfulness and Jen making sure we didn't forget any of the many threats facing Critical Infrastructure. And even though this was generally an "election free" podcast, be sure to catch Jorhena as she talked about election misinformation issues on Good Morning DC - link to follow. Plus someone is a little sensitive about Spookley the Square Pumpkin. Critical Infrastructure and Resilience Month: https://www.whitehouse.gov/presidential-actions/proclamation-critical-infrastructure-security-resilience-month-2020/ CISA Critical Infrastructure Security Reslience Guide: https://www.cisa.gov/sites/default/files/publications/Guide-Critical-Infrastructure-Security-Resilience-110819-508v2.pdf Media in Disasters and Emergencies: Social Media Working Group for Emergency Services and Disaster Management: https://www.dhs.gov/sites/default/files/publications/SMWG_Countering-False-Info-Social-Media-Disasters-Emergencies_Mar2018-508.pdf Andy's Election Blog - Elections Perspective: On November 4th, let us stand together as Americans: https://gate15.global/elections-perspective-on-november-4th-let-us-stand-together-as-americans/
November 03, 2020
The Gate 15 Interview EP 5: Elections Security 2020, with the FBI and the Elections Infrastructure ISAC
In this episode of The Gate 15 Interview, Andy Jabbour talks with Ben Spear, Director of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) and Al Murray, currently serving as the Assistant Special Agent in Charge over Cyber Investigations at FBI’s Washington Field Office (WFO). In our discussion we address: Recent election history and security issues; Threats to the upcoming 2020 election; What to expect on election day (and after); Words of wisdom for citizens and elections officials. Please enjoy this episode of The Gate 15 Interview on Anchor, Apple, Spotify, as well as other locations.
October 26, 2020
Nerd Out! Security Panel Discussion EP 6. Extremist Threats at Home and Abroad.
The Nerd Out Security Panel tackles the latest terrorist incidents in France as well as the disrupted plot in Michigan. There are a lot of valuable lessons learned from these incidents, as well as the recent revelations from the 2017 Manchester concert bombing. The group then goes rapid fire through some security topics to include concerns through the end of the year, security issues we may not be talking about, Edward Snowden, Magnum PI, Spencer for Hire and more. Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: firstname.lastname@example.org; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Vice President of Operations at Welund North America. Twitter: @dronin_on; email: email@example.com Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
October 20, 2020
The Cybersecurity Evangelist: EP4 – “Am I doing enough?” Part 2
Shay Trembley, Information Security Manager of South Blount Utility District, and I finish up the remaining 4 "P's of Basic Cybersecurity" - a timely topic in recognition of National Cybersecurity Awareness Month (NCSAM). We address passwords, privacy, patching, and protection, and include several of our personal favorite resources for cybersecurity awareness for everyone. Shay's final tip: she encourages everyone to speak up and share information. The more everyone shares information about the cyber threats and risks, or even suspected threats and risks, the better we will all be informed and #BeCyberSmart. In recognition of NCSAM, we individually listed a ton of resources to help businesses and individuals to #BeCyberSmart: https://staysafeonline.org/, including National Cybersecurity Awareness Month and other NCSA resources https://www.sba.gov/ https://www.cisa.gov/ https://www.cisa.gov/information-sharing-and-awareness(for more on Information Sharing and Analysis Centers) https://krebsonsecurity.com/ https://paper.li/gate15#/ https://www.sans.org/security-awareness-training/ouch-newsletter https://cybercrimesupport.org/ https://fraudsupport.org/ https://cyberreadinessinstitute.org/ https://www.idtheftcenter.org/ https://haveibeenpwned.com/ https://www.ic3.gov/ https://stopthinkconnect.org/
October 14, 2020
The Risk Roundtable: EP 12. Bring Your Own Topic.
Andy, Jen, Jorhena and Dave go through a plethora of security topics as they introduce the "Opening Shot", before digging deep into some trends they have noted across industries to include the ever present cyber threats (hello ransomware), and social media threats, as well as touching on the upcoming elections. Then the team gets personal and talks about some of the things that have kept them busy over the past couple of months to include Jorhena's upcoming publication! Some references that were dropped during the pod: National Cybersecurity Awareness Month (NCSAM): https://www.cisa.gov/national-cyber-security-awareness-month https://staysafeonline.org/cybersecurity-awareness-month/ https://staysafeonline.org/cybersecurity-awareness-month/champions/view-all/ https://www.cisa.gov/national-cyber-security-awareness-month https://www.shodan.io/ Black Hills Information Security: Backdoors and Breaches Incident Response Game: https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/ FBI Social Media Threat Movie - The Nevernight Connection: https://www.fbi.gov/investigate/counterintelligence/the-china-threat/clearance-holders-targeted-on-social-media-nevernight-connection
October 06, 2020
The Gate 15 Interview: EP4. A look at Ransomware.
In this episode of The Gate 15 Interview, Andy Jabbour talks with Jeremy Kennelly, a manager and principal analyst on FireEye’s Mandiant Intelligence team focused on the analysis of financially-motivated cyber threat activity. In the discussion we address: • The history of ransomware; • Ransomware’s evolution from WannaCry to present; • The current threat environment and best practices; • Where ransomware could be going into the future and the idea of blended threats.
September 28, 2020
Nerd Out! Security Panel Discussion: EP 5. Discussing Venues
On this month's Nerd Out! Security Panel Discussion, Dave Pounder hosts Joe Levy, Bridget Johnson and Travis Moran to talk about venue security and what it means in the coming months with the upcoming election and various outdoor events. The group also talks about drones, wildfires, and touches on National Insider Threat Awareness Month (https://www.cdse.edu/itawareness/index.html#0). Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: firstname.lastname@example.org LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Vice President of Operations at Welund North America. Twitter: @dronin_on Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
September 22, 2020
The Cybersecurity Evangelist: EP3 - "Am I Doing Enough?" Part 1
I am joined by Shay Trembley on the third episode of The Cybersecurity Evangelist (TCE). Shay and I discuss practical tips to the question “Am I doing enough?” We begin our chat with a very real-world incident that nearly cost a small-town water utility $3.2M in fraudulent wire transfers. Then we make a quick nod to two very “human-oriented” awareness initiatives before wading in to what I am calling on this episode, “the 5 P’s of basic cybersecurity” to help make sure you ARE doing enough! Resources discussed on this episode: KnowBe4 Mac Help for Mom (the content has not been updated in awhile, but is still useful for “mom” ;-) ) National Insider Threat Awareness Month National Cyber Security Awareness Month Sun Tzu’s The Art of War - For more discussion on The Art of War and cybersecurity, you might enjoy this post, Sun Tzu’s ‘The Art of War’ for Cybersecurity
September 18, 2020
The Risk Roundtable: EP 11. Protests and Security Awareness Months
In the latest episode of the Risk Roundtable, Andy leads Jen, Jorhena and Dave through a myriad of topics including the latest protest activity and what it means for organizations, as well as doing their part in promoting the latest Insider Threat Awareness Month, National Preparedness Month and the upcoming Cybersecurity Awareness Month. Protest activities can take on a life of their own and create challenges for organizations and their respective security teams. The team digs into how awareness and understanding can help them address these challenges that don't fit into the one-size-fits-all model of past protests. Resources: Insider Threat Awareness Month Scenario Cards: https://www.cdse.edu/documents/toolkits-insider/it-scenario-cards.pdf Insider Threat Awareness Month: https://www.cdse.edu/itawareness/index.html National Preparedness Month: https://www.ready.gov/september Cybersecurity Awareness Month: https://staysafeonline.org/cybersecurity-awareness-month/ What’s Your Plan? James DeMeo: https://jamesademeo.com Tesla Insider Threat Department Of Justice Announcement: https://www.justice.gov/opa/pr/russian-national-arrested-conspiracy-introduce-malware-nevada-companys-computer-network Cisco Insider Threat Incident: https://www.bankinfosecurity.com/ex-cisco-engineer-pleads-guilty-in-insider-threat-case-a-14917
September 01, 2020
The Gate 15 Interview: EP 3. Disinformation, Misinformation… Too Much Information!?!
In this episode of The Gate 15 Interview, Andy Jabbour talks with Michael Klein, a K-12 IT Director and a leader for CTI League’s Disinformation Team, and Lee Foster, Senior Manager, Information Operations Analysis, with FireEye Intelligence. The group discusses: What we mean by the terms “misinformation” and “disinformation;” Information operations with regard to the COVID-19 pandemic; Geopolitical and domestic political interests and issue manipulation; Election disinformation, past, present and future; Ideas on deepfakes and the use of Synthetic Media; And Andy manages to work in another musical reference.
August 24, 2020
Nerd Out! Security Panel Discussion: EP 4.
Join Dave, Bridget Johnson, Travis Moran, and Jon Crosson as they talk about the latest security matters. Following up on the last episode, the panel discussed the cancellations of NCAA conference fall sports seasons including the increasingly popular College Football schedule. That was a smooth transition into the innovative ways networks have covered sports and if there was any type of innovation to the security sector. Could organizations replicate security "fans" or "crowd noise" - is that even a thing? And then we looked at the challenges within the healthcare sector and talked about how mental health and a future vaccine could impact security or fuel conspiracy theories. Jon Crosson works at the Health-Information Sharing and Analysis Center (H-ISAC). Their website (h-isac.org) includes a paper on information sharing best practices. Travis Moran is the Vice President of Operations at Welund North America. Twitter: @dronin_on Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
August 18, 2020
The Cybersecurity Evangelist - Demystifying Cybersecurity Myths - Part 2
This month we are airing part two of the inaugural episode of The Cybersecurity Evangelist where Travis Farral and I finish demystifying cybersecurity myth #2 and #1. Listen to find out where the term “hacking” came from, and more about different types of “hackers”…including the good ones. Travis and I also give a quick nod to our inner geek. We wrap up the discussion with how we are ALL targets of opportunity - even if we don’t have an online presence - and why it is important to overcome the “it won’t happen to me mindset.” Finally, Travis leaves us with his final thought: spend a few minutes trying to educate yourself on ways you can protect your family.
August 11, 2020
The Risk Roundtable: EP 10 - Geopolitics, Partnerships and Information Sharing
On the latest Risk Roundtable, the Gate 15 team discusses geopolitics and the impacts they have had on businesses around the world. Listen to Andy, Jorhena, Jen and Dave then get into partnerships and the need to rely on trusted relationships and information sharing. But they couldn't escape COVID and they weighted in on the impact it has had on sports leagues while hearing Andy's hope for his favorite football team.
August 04, 2020
The Gate 15 Interview: EP 2
In the newest episode of The Gate 15 Interview, Andy Jabbour talks with Errol Weiss, Chief Security Officer with the Health Information Sharing & Analysis Center (Health-ISAC). In their discussion Errol and Andy discuss the evolving cyber threat landscape - from those aimed at the healthcare community, the development of blended threats, ransomware, some of the cybersecurity challenges relating to COVID-19, and more. They also talk about the the benefits and challenges of information sharing and collaboration, and what it takes to make it successful.
July 27, 2020
Nerd Out! Security Panel Discussion: EP 3
In the latest episode, Dave is joined by Bridget Johnson, Travis Moran and Chuck Eglic to talk over the latest security matters. Teeing up with sports in the world of COVID, the group then "nerds out" about drones of the suicide variety, extremism and disinformation. Some references mentioned in the pod: Bridget's article on conspiracy theories: https://www.hstoday.us/subject-matter-areas/counterterrorism/conspiracy-theory-extremism-when-viral-claims-turn-dangerous/ START Report: https://mailchi.mp/start/new-radicalization-data-358122?e=b787119265 Drones: https://www.thedrive.com/the-war-zone/34414/we-talk-killer-drones-and-the-future-of-unmanned-warfare-with-aerovironments-steve-gitlin
July 22, 2020
The Cybersecurity Evangelist: EP 1 - Demystifying Cybersecurity Myths
Welcome to the inaugural episode of The Cybersecurity Evangelist - a cybersecurity podcast for everyone. On the last Gate 15 Risk Roundtable (Ep 9), I eluded to following up on the topic of ransomware for this first episode. But after some deliberation, I thought a better place to start a new podcast on cybersecurity and how it is relevant to everyone, was to myth bust some commonly held beliefs. This episode is part 1 of 2, where I phish for answers by demystifying some myths with help from Travis Farral, including how cybersecurity is more than just a technology/computer problem, how increasing your cyber hygiene and security posture does not have to cost a lot of money, and how easy it is to buy a kit or an application if you are looking to launch your miscreant career! Some great resources mentioned in today's episode to help you understand more about the cyber threats that we all face everyday and to help you increase your cyber hygiene include: Verizon's Data Breach Investigation Report (DBIR) Center for Internet Security (CIS) Critical Security Controls
July 21, 2020
The Risk Roundtable: EP 9
The people have spoken! The Gate 15 Pod has now become the Risk Roundtable. In this episode the gang is back at it again. Andy, Jorhena, Jen and Dave talk about extremism going mainstream, the continuously evolving threat of ransomware (double extortion, cartels, and encryption), as well as issues with reopenings around the world and the possible security implications. So much to get into that you may miss Jen pushing her new podcast - The Cybersecurity Evangelist (out next week!). Plus Jorhena giving a shout out to a co-worker.
July 07, 2020
The Gate 15 Interview: EP 1
In this inaugural Gate 15 interview podcast, Andy Jabbour talks with Jorhena Thomas on her recent post “Intel Community, Our Turn is Coming,” as they discuss informed, inclusive analysis as well as related thoughts on current racial tensions, protests, biases, the threat environment, and how we, as individuals and as a community, can strive towards being our best.
June 25, 2020
Nerd Out! Security Panel Discussion: EP 2
Nerd Out is stepping out on its own. Dave Pounder is taking his band of merry men and women to discuss various security topics and show their true “nerd” related to security matters. In this episode Dave is again joined by Andy Jabbour and Travis Moran and they welcome in Tamara Herold to discuss the latest protests, what some of the takeaways are related to impacts on organizations and where protests in general go from here. Our Panelists: Tamara D. Herold, Ph.D., Associate Professor, Graduate Director, University of Nevada, Las Vegas (UNLV) Director, Crowd Management Research Council Department of Criminal Justice Travis Moran, Welund North America Vice President of Operations Email email@example.com | Website www.welund.com | twitter: @dronin_on Andy Jabbour, The Gate 15 Company Managing Director / Founder twitter: @gate_15_analyst David Pounder, The Gate 15 Company twitter: @dpounder
June 09, 2020
The Risk Roundtable: EP 8
In this episode Andy, Jen and Dave welcome Jorhena Thomas to the pod to discuss protests, disinformation, reopening and what impacts they may mean for organizations. The team also banters about naming the pod as well as share a little “inside baseball” hurricane poll even though Andy doesn’t care much for baseball.
June 01, 2020
Nerd Out! Security Panel Discussion: EP 1
In this new episode we bring the Gate 15 Pod crew together to discuss security concerns around the re-opening of many business around the world on the physical security and cyber security side.
May 18, 2020
The Gate 15 Pod: EP 7
In this episode Andy, Dave and Jen discuss Ramadan, the infodemic, as well as the impacts of the re-opening / re-entry of businesses across around the world. The team then wraps it up with a couple thoughts to hurricanes and National Hurricane Preparedness Week.
May 05, 2020
The Gate 15 Pod: EP 6. Pandemic Preparedness After Action Reports Webinar
In this episode Gate 15 shares a webinar led by Casey Ateah, Gate 15’s Director of Preparedness, Andy Jabbour, Gate 15 Managing Director and including David Pounder, Gate 15 Director of Threat and Risk Analysis. In this webinar, the Gate 15 team discusses why often, many organizations don’t do a great job of completing a deliberate after-action review process or developing effective after-action reports (AARs) after incidents, from small-scale events to significant threats, such as the current COVID-19 pandemic. The webinar covers topics such as how to get started on an AAR process by identifying the needed resources and getting those resources to conduct the necessary analysis in order to draft an After-Action Report and Improvement Plan. Andy also shares some thoughts on the importance of preparedness and imagination when working towards personal, organizational and national resilience.
April 27, 2020
The Gate 15 Pod: EP 5
This will be the first in a new podcast offering from The Gate 15 Company. In this episode we welcome security experts Bridget Johnson and Travis Moran as well as Gate 15 Managing Director Andy Jabbour to talk about terrorism, extremism, drones and surveillance measures in the COVID world. Bridget: Homeland Security Today - Twitter: @bridgetcj. HS Today is hosting a webinar on 23 April on domestic extremist motivations, targets and tactics. Travis: Vice President of Operations, Welund North American, firstname.lastname@example.org - Twitter: @dronin_on
April 15, 2020
The Gate 15 Pod: EP 4
There is a lot of information out there related to COVID. Aside from initial reactions, the team looks ahead to what’s next and how do we start preparing to handle incidents in a COVID world.
March 30, 2020
The Gate 15 Pod: EP 3
So much can change in a month. Last month we touched on COVID-19, and this episode we dig more into questions about preparedness and the resulting cyber scams associated with it. Then we transition to other cyber issues, specifically Business Email Compromise and phishing.
March 05, 2020
The Gate 15 Pod: EP 2
Episode 2. Today we talk nCoV. What do you need to know, and should you be concerned. Also talk about how events like nCoV could lead to scams. Finally we hit building security and the latest terrorist / extremist activity.
February 03, 2020
The Gate 15 Pod: EP 1
Episode 1. Looking back at the security challenges in 2019 and ahead to what we may expect in 2020. Join Andy Jabbour, Jennifer Lyn Walker and David Pounder.
January 09, 2020