The Gate 15 Interview EP 15. Mark Arena, Intel 471, Cyber Intelligence Expert and CEO, Intel 471
The Gate 15 Podcast Channel • By Gate 15 • Sep 20
The Cybersecurity Evangelist_Ep14_Cybersecurity Awareness Month 2021
The Cybersecurity Evangelist "evangelizes" Cybersecurity Awareness Month 2021. Cybersecurity Awareness Month is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. For more information about ways to keep you and your family safe online visit https://staysafeonline.org/cybersecurity-awareness-month/ and cisa.gov/ncsam. Other resources mentioned during this episode: https://www.cisa.gov/cyber-essentials https://www.ic3.gov/ https://www.sans.org/tip-of-the-day?msc=main-nav https://cybercrimesupport.org/ https://fightcybercrime.org/ https://gate15.global/cybersecurity-awareness-month-2021-tips-from-the-pros/
October 14, 2021
The Risk Roundtable: EP 23. CAM, Disgruntled Employees, and Scott Bakula
The latest episode of the Risk Roundtable gets the group going in all sorts of directions ranging from an opening related to COVID fatigue, Cybersecurity Awareness Month, and disgruntled employees. After deliberating whether they need a new roulette round music selection (Dave volunteered to sing it), the group sang the praises of new CISA chief Jen Easterly and the way she has been out front on all of the latest security issues, as well as sharing some of our favorite security Twitter feeds, as well as hitting on the importance of Patching (check out Jen's latest Cybersecurity Evangelist Pod for more details). The group wrapped up with Andy's three questions to address Super Bowl projections, Halloween, and what show we would want to reboot - hello Quantum Leap! Some of the reports and postings referenced in the podcast include: CISA and Krebs: https://gate15.global/cybersecurity-infrastructure-security-time-to-make-this-happen/ Cybersecurity Awareness Month - Tips from the Pros: https://gate15.global/cybersecurity-awareness-month-2021-tips-from-the-pros/ Jen Easterly Twitter: https://twitter.com/CISAJen Suzanne Spaulding Twitter: https://twitter.com/SpauldingSez Chris Krebs Twitter: https://twitter.com/C_C_Krebs Jennifer Lyn Walker, Director of Cyber Defense Posts: @Gate_15_Analyst & @WaterISAC, LinkedIn: https://t.co/XGIB3hLkam Disgruntled Employees: https://www.waterisac.org/portal/insider-threat-%E2%80%93-former-employee-indicted-unauthorized-computer-access-intent-harm-kansas HEAC White Paper: https://gate15.global/white-paper-the-hostile-event-attack-cycle-heac-2021-update/
October 5, 2021
Nerd Out Security Panel Discussion: EP 17. Lessons of the past to prepare the future
In the latest edition of Nerd Out, Dave is joined by nerdette Bridget Johnson, and nerd Joe Levy to take stock of what did and did not happen at the recent Justice for January 6th event in Washington D.C. and the preparedness lessons learned. Equally important is how venues could use those lessons to plan for the future. The team also looked at some of the root causes for the low attendance and why there may be a larger cause for concern. The merry band of nerds and nerdettes went through some fall-inspired quick hits all the while giving due credit to CISA for their bevy of resources to include the latest series: De-Escalation Series for Critical Infrastructure Owners and Operators (www.cisa.gov/publication/de-escalation-series). Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; email: firstname.lastname@example.org Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
September 28, 2021
The Gate 15 Interview EP 15. Mark Arena, Intel 471, Cyber Intelligence Expert and CEO, Intel 471
In this episode of The Gate 15 Interview, Andy Jabbour talks with Mark Arena, CEO, Intel 471. In the discussion we address:
• Mark’s background
• Intel 471
• Cyber threats
• Future threats
• And more!
“It all goes down to password reuse… enforce two-factor authentication on everything…” – Mark Arena
Mark on Twitter: @markarenaau. Mark on LinkedIn. https://www.linkedin.com/in/mark-arena-36a86516/ Intel471 on Twitter: @Intel471Inc. Intel471 on LinkedIn. https://www.linkedin.com/company/intel-471/
A few references mentioned in or relevant to our discussion include:
• Intel 471: https://intel471.com
• Intel 471’s Cyber Underground General Intelligence Requirements Handbook. https://intel471.com/resources/cu-girh-download-request
• Upcoming Intel 471 video podcast! Intel 471 CTI experts will examine recent developments in the cyber underground through the lens of the media & telecommunications sector. Check it out: 28 Sep 2021, 11am (see registration link for time zone options). Register here: https://hubs.la/H0WW0Gn0.
• Top FBI official says there is 'no indication' Russia has taken action against hackers, The Hill, 14 Sep 2021. (https://thehill.com/policy/cybersecurity/572184-top-fbi-official-says-there-is-no-indication-russia-has-taken-action) “Based on what we’ve seen, I would say there is no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment that they have created there… We’ve asked for help and cooperation with those who we know are in Russia who we have indictments against, and we’ve seen no action, so I would say that nothing’s changed in that regard,” - FBI Deputy Director Paul Abbate, via The Hill
• Russia is fully capable of shutting down cybercrime, CSO Online, 14 Sep 2021. (https://www.csoonline.com/article/3632943/russia-is-fully-capable-of-shutting-down-cybercrime.html)
• Australian Cyber Security Centre Essential Eight. (https://www.cyber.gov.au/acsc/view-all-content/essential-eight) “While no set of mitigation strategies are guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.”
• Thoma Bravo Makes Strategic Investment in Intel 471 Announcement, 08 Sep 2021. (https://intel471.com/company/press-releases/thoma-bravo-makes-strategic-investment-in-intel-471)
September 20, 2021
TCE EP13 - Prattling on About Patching on this Podcast Party of One
Your favorite cybersecurity evangelist waxes solo and prattles on about patching in this no frills episode of TCE.
September 16, 2021
The Risk Roundtable: EP 22. Acronym Soup
Security awareness months kick into high gear and the Risk Roundtable crew gives their thoughts on the various ones (NPM, NITAM, NCAM, XYZPDQ...) and the heart of each one - Preparedness and Awareness! The group then talks about some of the ongoing protest activities and looks ahead to some upcoming events including the "Justice for J6" event. Continuing the preparedness theme, and switching to the Roulette Round, the roundtable turned to everyone's favorite security researcher - Troy Hunt and him living his best life while making everyone aware of their risks as well as a lively debate on passwords. Toss in some comments about weather preparedness and whatever Andy wanted to go off on and the group wrapped up with some fun (even questionable) questions. Still not sure why everyone shudders at green holidays. Some of the references from the discussion: National Preparedness Month | Ready.gov: https://www.ready.gov/september National Insider Threat Awareness Month: https://www.odni.gov/index.php/ncsc-features/2834 Press Briefing by Press Secretary Jen Psaki and Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger, September 2, 2021: https://www.whitehouse.gov/briefing-room/statements-releases/2021/09/02/press-briefing[…]-and-emerging-technologies-anne-neuberger-september-2-2021/ The White House Memo to Industry on Ransomware: Take Action (Now): https://gate15.global/the-white-house-memo-to-industry-on-ransomware-take-action-now/ Stuff Off Search | CISA: https://www.cisa.gov/publication/stuff-off-search www.cisa.gov/sites/default/files/publications/Assets_Showing_Primer_508c.pdf Troy Hunt Montage: https://www.pentestpartners.com/security-blog/from-open-guest-wi-fi-to-pwning-a-lift/ https://abbreviations.yourdictionary.com/reference/abbreviations/what-is-an-initialism.html https://www.troyhunt.com https://haveibeenpwned.com https://www.youtube.com/watch?v=N_y8B-tmDM0 TroyHunt from BlackHat Asia Lessons from 11 Billion Breached Records https://twitter.com/rhowe212/status/1433308481214369797 https://youtu.be/N_y8B-tmDM0 https://www.ncsc.gov.uk/news/ncsc-lifts-lid-on-three-random-words-password-logic James DeMeo - What's Your Plan? https://jamesademeo.com
September 7, 2021
The Gate 15 Interview EP 14. Amanda Mason, Vice President, Intelligence, Related Companies, discusses security, info sharing, terrorism, extremism, 9/11, and more.
In this episode of The Gate 15 Interview, Andy Jabbour talks with Amanda Mason, Vice President, Intelligence, Related Companies. “Our passion for urban life could not be any stronger. We are committed to moving our communities forward and enriching people’s lives.” - Stephen M. Ross, Chairman & Founder. Amanda on LinkedIn. In the discussion we address: Amanda’s background Amanda’s current responsibilities at Related Companies COVID and safe and secure operations and reopening The recent National Terrorism Advisory System Bulletin, Afghanistan and associated concerns Terrorism, extremism, and the upcoming 20th anniversary of the 9/11 attacks And more! Please enjoy this episode of The Gate 15 Interview podcast on Anchor, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts. “We can’t necessarily predict, but we can prepare.” A few references mentioned in or relevant to our discussion include: Learn more about Related! https://www.related.com New York Post, Real estate giant Related Cos. to require all employees to get vaccinated (02 Aug 2021) National Terrorism Advisory System (NTAS) Bulletin (13 Aug 2021) DHS CISA: MIS, DIS, Malinformation DHS CISA: Countering Disinformation In Social Media video DHS FEMA: Homeland Security Exercise and Evaluation Program DHS FEMA: ICS Resource Center “We have to do our tabletop exercises… we have to think of the worst case scenario.” “I can’t believe that I get to protect a landmark asset in NYC.” The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues. Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Anchor, Apple, Spotify, Google, as well as other locations accessible from the Anchor link. 
Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes: The Risk Roundtable, is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally. The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics. The Gate 15 Interview, is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues. We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Twitter, LinkedIn or via email at: podcast@ga
August 23, 2021
Nerd Out Security Panel Discussion: EP 16. Terrorism, NTAS, Misinformation, COVID, and the end credits!
After a busy couple of weeks, the merry band of Nerdies gathered to discuss the latest news on the terrorism and extremist front and how misinformation has shaped so much of these advances. The group started with Bridget’s reporting of a new Al Qaeda message, which was followed with press reports of extremist chatter and then the National Terrorism Alert System Bulletin. These all gave the group an opportunity to talk to the risks to various locations, especially venues and the Commercial Facilities Sector. Next, the group transitioned to misinformation and how integral it was to both terrorist groups as well as domestic violent extremism. COVID dominated the last part of the discussion with Bridget sharing her personal story and loss before the group went through a rapid fire set of questions! But just like our favorite band of super-heroes, stay for the end credits and you might hear about killer mosquitos. Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; email: firstname.lastname@example.org Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
August 18, 2021
The Risk Roundtable: EP 22. Who's the Nerd Now?
The discussions were lively on the latest edition of the Risk Roundtable as Jen showed off her inner nerd! With Andy nursing an injury, Dave and Jen took off on topics ranging from the latest White House memos on improving critical infrastructure to the troubling trends on COVID and what it all means for businesses and organizations. In the roulette round (Dave is on a 2 pod winning streak with the theme music) the roundtable talked about some all-hazards and preparedness for the upcoming religious holidays before Jen "nerded out" on various reports on new CVEs and displayed a very nerdy t-shirt to boot! Andy got his strength back for his three questions where Dave revealed his disgust over some veggies and lack of love for a historic band! Some of the links mentioned in the podcast included: National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems: https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improving-cybersecurity-for-critical-infrastructure-control-systems/ Background Press Call on Improving Cybersecurity of U.S. Critical Infrastructure: https://www.whitehouse.gov/briefing-room/press-briefings/2021/07/28/background-press-call-on-improving-cybersecurity-of-u-s-critical-infrastructure/ FACT SHEET: Biden Administration Announces Further Actions to Protect U.S. 
Critical Infrastructure: https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/fact-sheet-biden-administration-announces-further-actions-to-protect-u-s-critical-infrastructure/ 2021 CWE Top 25 Most Dangerous Software Weaknesses: https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html Joint Cybersecurity Advisory: Top Routinely Exploited Vulnerabilities: https://us-cert.cisa.gov/sites/default/files/publications/AA21-209A_Joint%20CSA_Top%20Routinely%20Exploited%20Vulnerabilities.pdf Bridget Johnson's COVID Article: https://www.hstoday.us/subject-matter-areas/pandemic-biohazard/covid-19-a-plea-to-learn-from-those-who-have-suffered-and-lost/
August 3, 2021
The Gate 15 Interview EP 13. Peter Ashwin - Risk and Security Expert, and Original International MoM
In this episode of The Gate 15 Interview, Andy Jabbour talks with Peter Ashwin, the principal and founder of Event Risk Management Solutions (ERMS), a consulting practice committed to enabling event organizers to meet the challenges of today’s volatile and uncertain world. Peter is recognized as an innovative, industry leader for the design and implementation of event security and risk management solutions to support event organizing committees and their public and private security partners deliver safe and secure, world class event experiences within complex, multi-agency environments. He is a former Australian Army special forces officer who now calls Montreal, home. Peter on LinkedIn. In the discussion we address: Peter’s background The Olympics and major event security and risk management The current threat and risk landscape Event and venue security and best practices And more!
July 26, 2021
Nerd Out Security Panel Discussion: EP 15. Let’s talk about Health!
In the latest episode of Nerd Out, Dave is joined by everyone’s favorite Crimson Tide enthusiast - Jon Crosson. Jon is the Director of Critical Infrastructure – Vital Services for Gate 15. Jon currently supports the Health Information Sharing and Analysis Center (H-ISAC) as the Director, Special Interest Group Services. H-ISAC is a non-profit organization that is dedicated to protecting the healthcare and public health sector from physical and cyber attacks and incidents through dissemination of trusted and timely information. In the episode, Jon looks at the current security threats facing the health sector and healthcare organizations to include the impact that COVID has had, as well as the battle against mis/disinformation. Dave and Jon then look back at some of Jon's background and how he got in position to be a trusted partner in the community. And finally, turning to one of Jon's true loves, Dave and Jon talk about the upcoming college football season and the outlet for the Crimson Tide. Prior to Gate 15, Jon was a senior operations specialist and project manager for Battelle Memorial Institute. Jon held various positions supporting the Department of Defense (DOD), Department of Homeland Security (DHS) and the U.S. Nuclear Regulatory Commission. Jon served in the U.S. Army as a Field Artillery Officer from 1999-2003. He is a member of InfraGard and a graduate of the FBI Citizens’ Academy. Links to Training referenced by Jon in the pod: FEMA Emergency Management Institute (EMI) Independent Study Course List
July 20, 2021
The Cybersecurity Evangelist: EP 12 – Cyber isn’t Scary, it’s Necessary
On episode 12 of The Cybersecurity Evangelist (TCE) podcast, I chat with a couple of Baby Boomers with varied perspectives of cybersecurity as I take TCE back to its roots – as the cybersecurity podcast for everyone. Ed Heyman (@El_Grillo1) and a mystery guest join me to talk about “The Great Bewilderment.” We also discuss why boomers are the generation most likely to take privacy and security seriously, and what bare minimum level of cyber awareness everyone should maintain. Resources mentioned in this episode (along with other relevant posts not mentioned): The Social Dilemma – The technology that connects us also controls us. (Netflix original film) Survey finds massive gap in awareness of cyberattacks (Summary of survey by Armis, published on ZDNet) Protecting a New Vulnerable Population on the Internet (@Bob Covello – Tripwire) Protecting the New Most Vulnerable Population – The Grandparent Scam (@Bob Covello – Tripwire) Protecting the New Most Vulnerable Population – Subscription Scams (@Bob Covello – Tripwire) Protecting Your Online Privacy: Three Levels of Security (Tripwire) Security Awareness Tip of The Day (SANS)
July 14, 2021
The Risk Roundtable: EP 21. Ransomware and Terrorism - they never seem to go away.
The Risk Roundtable crew gathers after a long weekend and talks about the latest ransomware and terrorism news, not to mention the discussion about the government's decision to release classified information.
July 7, 2021
Nerd Out Security Panel Discussion: EP 14. Reports Galore!
In the latest episode of Nerd Out, Dave is joined by some old friends, Joe and Bridget, while they welcome in Amanda Mason to the panel where they discuss the latest series of reports from the FBI, the U.S. Senate, and from across the pond and the Manchester Arena bombing inquiry. They discuss the value of these types of reports, and the lessons that can be learned from the observations. Amanda then shares some of the insight from the January 6th incident from a first-hand view of the situation as it unfolded. After going through the reports and calling out some of the challenges highlighted, the panel goes through a rapid fire session with questions ranging from security trends, ransomware (sorry Jen), and what the panel is reading or watching. The reports discussed include: Active Shooter Incidents 20-Year Review, 2000-2019 Examining the U.S. Capitol Attack: A Review of the Security, Planning, and Response Failures of January 6 Manchester Arena Inquiry Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; email: firstname.lastname@example.org Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ Amanda Mason is currently serving as the Vice President of Intelligence for the Related Companies. 
Her role is to integrate information from various sources and bridge the gap of cyber threats, national security, local law enforcement, physical security and business intelligence. In her role, she provides threat information and solutions to the various subsidiaries under Related, which include Real Estate, Infrastructure, Manufacturing, Hospitality, and International Finance. She is also a reservist currently serving as the Director of Intelligence for the District of Columbia, Air National Guard. With over 24 years of service, Amanda has held various positions in the Intelligence and Special Operations Communities.
July 6, 2021
The Risk Roundtable: EP 20. The latest security news delivered without remorse.
The Risk Roundtable crew jumps into summer with a new episode focused on some of the latest security news. Kicking off the episode, the team looks at the latest FBI report on Active Shooters (Active Shooter Incidents 20-Year Review, 2000-2019) and how organizations can integrate this information into their security planning and preparedness. Then they switch over to talk about a threat that grows stronger each month - Ransomware. Jen breaks down the latest ransomware activity and reminds organizations to not go at it alone! Then while Dave is dancing on mute, the risk roulette goes into some topics about opting out of some services that may feel forced, and the upcoming summer season (Fourth of July) and the security precautions organizations need to remember when planning events. Andy then wraps up the episode sharing how much he loved a certain movie that was Dave's favorite book of all time. Dave might have had something....or three minutes....to say something about it. Some references from the episode: Beer, cheese, fuel, and now meat. What’s next? - Armis Amazon to share your Internet with neighbors on Tuesday - How to opt out Gate 15 HEPS FBI Active Shooter Resources A Study of the Pre-Attack Behaviors of Active Shooters in the United States Between 2000 and 2013 What’s Your Plan? Additional Links: https://blog.malwarebytes.com/malwarebytes-news/2021/06/ransomware-to-be-investigated-like-terrorism/ https://www.theguardian.com/us-news/2021/jun/04/fbi-christopher-wray-cyberattacks-9-11 https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/ https://gate15.global/the-gate-15-interview-ransomware-running-rampant/ And more.... can be found on the Gate 15 Website blog posts: https://gate15.global/blog/
July 6, 2021
The Cybersecurity Evangelist: EP 11 – The ISAC Series – Tribal-ISAC
My final ISAC segment for TCE was a great discussion with two Steering Committee Members from Tribal-ISAC. Bill Travitz – Director, Office of Information Technology, Eastern Band of Cherokee Indians, and Lee Edberg - IT Cybersecurity Manager for Mystic Lake Casino Hotel, Shakopee Mdewakanton Sioux Community. The overall theme of this episode, and the ISAC series in general - We are stronger together! As Lee said, there is invaluable power in numbers with more tribes fighting the threat landscape together; get involved, get to a meeting, and contribute! Similarly for Bill, it’s about being a good neighbor, and that is a value that tribes already have! We all learn from one another. Tribal-ISAC is open to membership for Native American and Alaskan Native tribal government, operations, and enterprises. Resources discussed in this episode: TribalHub TribalNet Conference Tribal ISAC MS-ISAC(Multi-State Information Sharing & Analysis Center)
June 16, 2021
The Gate 15 Interview EP 12. Bryan Ware: Analytics Geek, Emerging Technologies Expert
In this episode of The Gate 15 Interview, Andy Jabbour talks with Bryan Ware, founder and CEO of Next5 (next5.co), a technology-focused business intelligence and strategic advisory firm. In addition to being a successful entrepreneur, Bryan is a self-described “analytics geek” and emerging technologies expert. He has formerly served as the CEO at Haystax Technology and more recently served at DHS Cybersecurity and Infrastructure Security Agency (CISA) as the Assistant Director for the Cybersecurity Division. Bryan on Twitter (@bsware). Bryan on LinkedIn. In the discussion we address: Bryan’s background and his experience in the private sector and at DHS’s Cybersecurity and Infrastructure Security Agency (CISA) His new project, Next5 Critical and emerging technology and associated concerns Geopolitical and other security challenges Find out what Bryan means when he says “I believe in Liquid Diplomacy?” Hear his call to service And more! “I’m most passionate about the critical and emerging technologies that are emerging now and will be most important to our lives, economies, and national security 5+ years from now” Bryan Ware A few references mentioned in or relevant to our discussion include: We discussed Bryan’s new company, Next5. From the website, “Next5 helps leading companies develop, acquire and protect the game-changing technologies of the future. Our research provides a current and expert perspective on critical emerging technologies, global supply chains, and geo-political and economic factors that shape opportunities and risks.” See more, including the Next 5 Technology Matrix, from the link above. Bryan mentioned the quote “software is eating the world,” stated by Marc Andreessen. Read more on that in the Wall Street Journal, Why Software Is Eating The World (20 Aug 2011). We mentioned the Five Eyes partnership, which is the intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. 
You can read a little about that from the Office of the Director of National Intelligence, here, or on Wikipedia.
May 24, 2021
Nerd Out Security Panel Discussion: EP 13. Cannabis ISAO!
In the latest episode of Nerd Out, Dave welcomes in Ben Taylor, Executive Director of the Cannabis Information Sharing and Analysis Organization (ISAO). Their conversation looked at the evolution of the industry and the needs that an ISAO can provide to help those in the ever-growing Cannabis industry look at threats and develop strategies to protect their customers and organizations. Ben talked through the announcement of the ISAO and the next steps including offerings on their website and social media platforms. Dave and Ben also looked at the challenges that ISAOs face in getting attention and gaining members, but highlighted the value that they bring and the value of information sharing to the overall strength of the industry. To learn more about Cannabis ISAO, visit their website: https://cannabisisao.org or check out their social media accounts. Twitter: @CannabisISAO and LinkedIn: @CannabisISAO Ben Taylor is the Executive Director of the Cannabis-ISAO. Ben also serves as a Risk Analyst to several Information Sharing & Analysis Centers, and has previous security and operations experience as an Army Officer as well as working through the Department of Homeland Security’s Office of Infrastructure Protection. Ben has also spent several years in marketing and partner development roles within the tourism industry, to include working to promote Cannabis tourism in Oakland, California.
May 18, 2021
The Cybersecurity Evangelist: EP 10 – The ISAC Series, REN-ISAC (Part 2)
TCE continues the chat with REN-ISAC’s Krysten Stevens and Brett Zupan. On this episode: We emphasize the importance of relationship building among higher ed and relevant community resources. Discuss the wide and varied landscape of higher ed and research community. We jump up on our soapboxes about how cyber is a cost of doing business, and not “if” but “when” you become a cyber attack victim. We chat REN-ISAC services, such as Security Event System (SES), Peer Assessment Service, and Workshops (again). Krysten brilliantly reminds us of the “trust community” that the ISACs represent. Brett sucks up to Krysten with a nod to the technical operations team; and of course, Krysten couldn’t help but brag on her team too! As it should be. ;-) Brett rounds out our discussion with a masterful shout out to the NCI (National Council of ISACs). REN-ISAC Resources discussed on this episode: Peer Assessment Service - https://www.ren-isac.net/public-resources/pas/index.html Workshops - https://www.ren-isac.net/public-resources/workshops/index.html Security Event System - https://www.ren-isac.net/member-resources/SES.html Our Trust Community - https://www.ren-isac.net/what-we-do/index.html
May 12, 2021
The Risk Roundtable: EP 19. What becomes of the miscreants?
A year ago, as the pandemic had taken hold around the world, there was a lot of confusion and uncertainty. And while threats were equally as susceptible to COVID, they ultimately rose to exploit the situation. Now that vaccines are being distributed and the world is slowly reopening, does this change the threat environment? The Risk Roundtable crew discusses this potential, as well as other security matters that individuals and organizations should be on guard for moving into the summer months. Then after the risk roulette discussion, complete with music (thanks Dave), Andy leads the gang in a "get to know you" series of questions. Scams: https://www.ftc.gov/coronavirus/scams-consumer-advice Combatting Ransomware: https://securityandtechnology.org/ransomwaretaskforce/report/
May 4, 2021
The Gate 15 Interview EP 11. Matt Mitchell, a Champion for Security and Privacy
In this episode of The Gate 15 Interview, Andy Jabbour talks with Matt Mitchell, “a hacker and Tech Fellow at The Ford Foundation. Matt is working with the BUILD and Technology and Society teams at Ford Foundation to develop digital security strategy, technical assistance offerings, and safety and security measures for the foundation’s grantee partners. Matt was recently named by WIRED magazine as one of the 25 ‘innovators who are using technology to lead society through this period of global uncertainty and pointing the way to a safer future.’ called the WIRED25.” In 2017, Matt was listed by VICE's MOTHERBOARD as a HUMAN OF THE YEAR, for his work protecting marginalized communities from surveillance. Read more about Matt in this Medium post. Photo by Nick Lee, via Medium. Matt on Twitter. Matt on LinkedIn. In the discussion we address: • Matt’s background • Current projects • Privacy as a right • Privacy as security • And more! “Backdoors… they don’t work…” – Matt Mitchell, in The Gate 15 Interview, recorded 21 Apr 2021 A few references mentioned in or relevant to our discussion include: • Matt Mitchell Is Arming Underserved Communities With Anti-Surveillance Tools, Vice, 14 Feb 2017 • Ford Foundation, BUILD • Ford Foundation, Cybersecurity Assessment Tool • Nigerian Tech Hub Update: It’s Funded, Built, Educating, and… by Ronnie Tokazowski, @iHeartMalware, 08 Apr 2021 • Can you fight BEC popularity in Nigeria by steering youth to legitimate IT jobs? by Catalin Cimpanu, @campuscodi, on The Record, by Recorded Future, @TheRecord_Media, 18 Apr 2021 • Zero Trust: Enable a remote workforce by embracing Zero Trust security, Microsoft • William Coffee, NSA 2011 Hall of Honor Inductee, African American Honoree. “In April 1946, William D. Coffee was awarded the Commendation for Meritorious Civilian service for his wartime leadership in exploiting critical enciphered messages. 
During a time of harsh racial discrimination, he excelled and became the acting supervisor of a segregated office that made impressive contributions to the nation's cryptologic achievements.” • CryptoHarlem • Wikipedia: CryptoParty • On Bug Bounties: Google Project Zero will give a 30-day grace period before disclosing security issues, Kim Lyons, @SocialKimLy, The Verge, @verge, 17 Apr 2021 • The do’s and don’ts of bug bounty programs with Katie Moussouris (@k8em0), by Zack Whittaker, @zackwhittaker, TechCrunch, @TechCrunch, 07 Apr 2021 • DON'T PANIC. Making Progress on the "Going Dark" Debate, The Berkman Center for Internet & Society at Harvard University "One: the companies want to surveil the people. Two: the organizations, the companies, don't have people's best interests at heart…" – Matt Mitchell, in Vice, 14 Feb 2017
April 26, 2021
Nerd Out Security Panel Discussion: EP 12. High Stress and U....2.
This month the panel is a party of one - Rob Yandow joins again to talk with Dave about high stress situations and preparedness. This is especially relevant given the reopenings and the latest hostile event situations. Rob goes into detail about the physiology of fear, as well as how and why individuals respond to high stress situations the way they do. Using various examples, Rob hammers home the various stages in the survival arc - denial, deliberation, and decisive action. And most importantly, the podcast talks about the ways organizations can use this information to train and prepare to respond. Then Dave is joined by a special guest to talk about the greatest band ever. Rob Yandow is a security expert who is a former police officer and who works with the Faith-Based Information Sharing and Analysis Organization (FB-ISAO) and serves as the Co-Chair of their Business Resilience Group - website: https://faithbased-isao.org. Twitter: @RobYandow
April 20, 2021
The Cybersecurity Evangelist: EP 9 – The ISAC Series, Part 5 – REN-ISAC
Despite the razzing I got from the guys (David Pounder - host of the NerdOut! Security Panel Discussion, and Andy Jabbour - host of The Gate 15 Interview) during the last Risk Roundtable, the TCE ISAC Series continues!!! This time, REN-ISAC (Research & Education Networks Information Sharing & Analysis Center) joins me. REN-ISAC serves the higher education and research community by promoting cybersecurity operational protections and response. For this episode, I enjoyed a fun and lively chat with Krysten Stevens, “new” Director of Technical Operations, and Brett Zupan, Risk Analyst and DC Liaison. We talked about threats facing the research and higher education community and bragged on Kim Milford’s (REN-ISAC’s Executive Director) amazing vision in 2019 to execute a series of workshops that had colleges, universities, and relevant community partners, such as state/local health departments and law enforcement working together through an infectious disease scenario – a scenario the team thought might be going too far… Resources discussed on this episode: https://www.ren-isac.net https://gate15.global/the-gate-15-interview-from-blended-threats-to-pandemic-lessons-learned-a-candid-conversation-on-higher-education-security-and-resilience-with-ren-isacs-kim-milford/ https://www.ren-isac.net/public-resources/csirt.html https://www.ren-isac.net/public-resources/workshops/index.html https://www.caudit.edu.au/
April 12, 2021
The Risk Roundtable: EP 18. Security / Analytical Bias.
The Risk Roundtable crew looked at the increasingly important idea of security bias and security blindness. The group specifically looked at how bias in analysis can lead to security blindness and the minimization and exaggeration of threats. Within the analytical community it is important to note how bias exists in virtually everything and the team discussed ways in which bias could exist from the analyst, but also by those that receive the data. Andy, Jen and Dave discussed some of the root causes and how this can lead to and continue a cycle of misinformation and disinformation if not handled correctly. In fact, the more divisive our politics become, the more biased our media, the more people – politicians, the media, foreign governments, and others - fan the flames of division, the more challenging the role of the analyst can become. In the end, bias is a discussion that is encouraged to be had by all organizations to ensure they are accurately representing the threat and risk to the organization. Next the team looked at their roulette items (Dave even shared the theme song on demand!) reminding listeners of the Microsoft Exchange Vulnerability and to update their systems. In addition, as reopenings are occurring around the world in varying degrees, it is important that organizations review security plans and processes. 
Items highlighted in the Podcast: Health ISAC Spring Summit open to members and non-members: https://h-isac.org/summits/secured-in-paradise-spring-2021-summit/ Agenda: https://web.cvent.com/event/cd1e7b44-7e38-487b-bd1f-b4f39cc82a11/websitePage:645d57e4-75eb-4769-b2c0-f201a0bfc6ce Troy Hunt Confirmation Bias - and good read: https://www.troyhunt.com/lets-stop-the-5g-hysteria-understanding-hoaxes-and-disinformation-campaigns/ Additional information about the Microsoft Exchange Vulnerability: https://cyber.dhs.gov/ed/21-02/ https://us-cert.cisa.gov/ncas/alerts/aa21-062a FortiOS Vulnerability: https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios CISA Cybersecurity Directives and Implementation Guidance Site: us-cert.cisa.gov
April 6, 2021
The Gate 15 Interview EP 10. James Whalen, Technology and Cybersecurity Leadership
In this episode of The Gate 15 Interview, Andy Jabbour talks with James Whalen, SVP, Chief Information & Technology Officer, Boston Properties. In this podcast we address: Jim’s background Changes in facilities; changes in security Threats facing facilities and broader implications Security and collaboration And more! James Whalen: James Whalen serves as Senior Vice President, Chief Information & Technology Officer for Boston Properties where he is responsible for the direction and implementation of technology services and solutions. Prior to joining the Company in March 1998, he served as Vice President, Information Systems of Beacon Properties. He is a graduate of the University of Notre Dame and a recipient of the New York City Urban Fellowship. Mr. Whalen is a current trustee and past President of the Boston Chapter of the Society for Information Management (SIM) and serves on the Real Estate Cyber Consortium, Realcomm Advisory Council, Commercial Facilities Cyber Working Group, TechHire Boston and Boston Private Industry Council. LinkedIn. A few references mentioned in or relevant to our discussion include: · The Real Estate Information Sharing and Analysis Center (RE-ISAC). 
“The Real Estate Information Sharing and Analysis Center (RE-ISAC), a not-for-profit information sharing entity organized by The Real Estate Roundtable in February 2003, is a public-private partnership between the US commercial facilities sector and federal homeland security officials which serves as the primary conduit of terrorism, cyber and natural hazard warning and response information between the government and the commercial facilities sector.” · InfraGardNCR: Commercial Facilities Cyber Working Group (CCWG) · FBI IC3 Cyber Crime Report: FBI Releases the Internet Crime Complaint Center 2020 Internet Crime Report & PDF: 2020 Internet Crime Report, 17 Mar 21 · Palo Alto Networks: Highlights from the 2021 Unit 42 Ransomware Threat Report & Ransomware Threat Assessments: A Companion to the 2021 Unit 42 Ransomware Threat Report, 17 Mar 21 · Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150%, 04 Mar 21 · Realcomm Advisory Council
March 23, 2021
Nerd Out Security Panel Discussion: EP 11. Reopenings, Protests, and the future of Conspiracy
In the latest episode of Nerd Out, Dave and his merry band of nerdies, Bridget, Travis, and Joe, look at the latest news around the reopening and what organizations need to be on guard for as crowd sizes and capacity limits will test the ongoing health pandemic. Then the group looks at the way threat actors may respond. Will it be a target of opportunity or will new security measures be disruptive enough? Next, the panel looked at recent protests, and the potential for future protests (did people really forget about May Day!) and what ways they may change in a reopened world. Finally, what is the future of conspiracy theories and the movements that were charged over the past several years? The group then lightened it up a bit and went through some lightning round questions and discovered that the Snyder Cut really isn't a thing because no one particularly cared for it in the first place to even know it was a thing. Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; email: firstname.lastname@example.org Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Assistant Deputy Director, Critical Infrastructure Protection & Physical Security. Twitter: @dronin_on; email: firstname.lastname@example.org Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
March 16, 2021
The Cybersecurity Evangelist: EP 8 – The ISAC Series, Part 4 - Faith-Based ISAO
TCE welcomes Faith-Based ISAO Executive Director, Mayya Saab on this episode. And no, this isn't the "FBI" ISAO... ;-) Listen in to find out what Mayya loves most about her role and her heart's desire in helping the entire community of faith be secure and resilient. Check out FB-ISAO at https://faithbased-isao.org/
March 10, 2021
The Risk Roundtable: EP 17. Oldsmar, Conspiracy Theories, and Arnold Shirts
In the latest episode of the Risk Roundtable, Andy, Jen, and Dave look at some recent events (Oldsmar) while looking ahead to upcoming events that may present risks (Qanon, the George Floyd murder trial, and upcoming religious holidays) but only after talking about Andy's taste in shirts. Then in the risk roulette, which Dave forgot again to find music for (or did he), Dave wonders whether weather preparedness is overhyped while Jen circles back to lessons learned from Solar Winds and the concept of "zero trust" - not in Andy and Dave but in terms of cybersecurity. The gang wraps up talking about some of their struggles and what they are watching. But that's not all - after the credits Dave may have redeemed himself with a new theme for the risk roulette. Some of the links from today's episode: YouTube: Treatment Plant Intrusion Press Conference, 08 Feb. WaterISAC: 15 Cybersecurity Fundamentals for Water and Wastewater Utilities Gate 15: Blended Threats: Did Florida’s Cyber Attack Whet Your Appetite for Better Preparedness and Security? NSA: NSA Issues Guidance on Zero Trust Security Model Forrester: Zero Trust Is Not A Security Solution; It’s A Strategy The Hacker News: SolarWinds Blame Intern for Weak Password That Led to Biggest Attack in 2020 Vice: QAnon Isn’t So Sure Trump Will Magically Become President Again on March 4 Ready.gov: Plan Ahead for Disasters
March 2, 2021
The Gate 15 Interview EP 9. Mark Herrera on Venues, Safety, and Security in 2021
In this episode of The Gate 15 Interview, Andy Jabbour talks with Mark Herrera, Director of Education for the International Association of Venue Managers (IAVM; @IAVMWHQ). In this podcast we discuss a range of issues from the pandemic’s impact to venues, to security and preparedness with broad applicability to all organizations - from venues to places of worship, and across events and facilities of all types. We discuss a wide range of issues from the impacts of COVID on venues and events, and what lies ahead in 2021, ideas on enhancing security through conflict management and professionalism, and a lot more. Mark talks about the importance of “programming the mind through mental preparation” noting that, “the body will go where the mind has been, if the mind hasn’t been there the body will not follow.” Mark is always full of great quotes. Some are shared below; listen to the conversation for more great insight and Herrera-isms! In the discussion we address: Mark’s backstory IAVM The pandemic’s impact to venues Where the venue community is going in 2021 Resetting security and the physical threat environment Organizational and personal security best practices And more! Mark Herrera: Herrera is the Director of Education & Life Safety for the International Association of Venue Managers and recognized as one of the 25 most influential leaders in the meetings and event industry. As part of his duties, Mark teaches Situational Awareness-Mindset training aimed at giving venues the tools to be safer and more secure. The training emphasizes Exceptional Focus, Performance, and Control in Extreme Situations and Risk Mitigation through Guest Services Interjection. In addition, as the Director of Education for IAVM, Herrera represents the Department of Homeland Security Office of Infrastructure Protection through the Public Assembly Facility Sub-Sector Council. For Mark’s complete bio, see below. Twitter: @IAVM_Herrera; LinkedIn; Instagram; Facebook. 
· IAVM on Twitter; LinkedIn; Instagram; Facebook. And learn about: · IAVM’s Academy for Venue Safety and Security · IAVM’s VenueConnect 2021, at the Georgia World Congress Center in Atlanta, 02-05 Aug 2021
February 22, 2021
Nerd Out Security Panel Discussion: EP 10. Singapore, Norway, Minnesota - what does it mean?
In the latest episode of Nerd Out, it was a five star day for Dave. First, you can hear him open up with his "Warrrrshington" versus President's Day poll (did you see what I did there), followed by the group getting into a discussion about behaviors and indicators of hostile events related to recent arrests and incidents in Singapore, Norway, and Minnesota, and the role that mental health plays in it. The team then looks at reporting such instances, before getting into the Florida Water breach and the ramifications as it highlights the various ways blended threats can have an impact to organizations. Unfortunately a real-time weather event prevented the group from getting into their lightning round (no pun intended considering the weather event), but not before Bridget was able to share her true feelings for a certain seven time Super Bowl winning quarterback. Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Assistant Deputy Director, Critical Infrastructure Protection & Physical Security. Twitter: @dronin_on; email: firstname.lastname@example.org Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
February 16, 2021
The Cybersecurity Evangelist: EP 7 - The ISAC Series, Part 3 - Real Estate ISAC
Dave "Quarter" Pounder, host of the famed NerdOut! Security Panel Discussion joins me on this episode of The Cybersecurity Evangelist. Dave and I talk about the Real Estate ISAC. And no, it's not just for real estate companies - although I may have dropped a hint in the opening commentary about TCE being a great sponsorship opportunity for Berkshire Hathaway/Warren Buffett... ;-) Wouldn't that be nice! Dave and I had fun talking about how RE-ISAC shares information about potential physical and cybersecurity threats and vulnerabilities to help protect commercial facilities and the people who use them. Visit https://www.reisac.org/ to learn more!
February 10, 2021
The Risk Roundtable: EP 16. Singapore, Emotet, and the Roulette.
After opening up about their love of Groundhog day, the holiday and movie, the Risk Roundtable gang gets into the meat of their security discussions around the latest arrest in Singapore (Hostile Events), upcoming significant events to factor into consideration, and the global takedown of Emotet (the malware, not a weird allusion to the Egyptian god). Then in the Risk Roulette, which Dave still does not have good music for, the group discusses whether there is anything to consider when looking at the Robin Hood / Wall Street Bets activity last week and the Capitol Hill riot, as well as the lingering effects of Solar Winds. The gang wraps it all up with some personal preferences before Andy tries to convince himself the Lions are still a football team. Some of the links referenced in the show include: EMOTET: https://www.justice.gov/opa/pr/emotet-botnet-disrupted-international-cyber-operation https://www.eurojust.europa.eu/worlds-most-dangerous-malware-emotet-disrupted-through-global-action https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/emotet-botnet-takedown-what-you-need-to-know/ https://www.bleepingcomputer.com/news/security/fonix-ransomware-shuts-down-and-releases-master-decryption-key/ “Why Joe Biden Can’t Bring His Peloton to the White House” – Popular Mechanics (https://www.popularmechanics.com/technology/security/a35190713/joe-biden-peloton-white-house-security-risk/) Is Joe Biden’s Peloton a cybersecurity risk? Don’t sweat about it - Graham Cluley (https://grahamcluley.com/is-joe-bidens-peloton-a-cybersecurity-risk-dont-sweat-about-it/)
February 2, 2021
Nerd Out Security Panel Discussion: EP 9. Moving forward from Inauguration.
In the latest Nerd Out podcast, Bridget, Joe and Travis join Dave to discuss the continued fallout from the 06 January events at Capitol Hill and what it means post-Inauguration. Here's a hint, we still need to be prepared for domestic terror groups and how they may spin events for their benefit. The group then looks at what 06 January means from a security perspective moving forward and what lessons can be learned. Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Assistant Deputy Director, Critical Infrastructure Protection & Physical Security. Twitter: @dronin_on; email: firstname.lastname@example.org Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
January 27, 2021
The Gate 15 Interview EP 8. A discussion with Advanced Intelligence Chairman and CEO Vitali Kremez
In this episode of The Gate 15 Interview, Andy Jabbour talks with Vitali Kremez, the Chairman & CEO at Advanced Intelligence. In this podcast we discuss a lot of areas – from Vitali’s fascinating background, guitar playing, and journey to the United States, security issues, emerging and enduring threats and best practices, the evolving challenge of blended threats and convergence, and much, much more. A few relevant links to our podcast include: Advanced Intelligence Advanced Intelligence, Twitter: @IntelAdvanced VK Intel: Digital Forensics & Incident Response Twitter: @vk_dfir Bellingcat: Global Investigative Journalism Network The Citizen Lab AdvIntel & HYAS: Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders, 06 Jan 21. AdvIntel & Eclypsium: Persist, Brick, Profit -TrickBot Offers New “TrickBoot” UEFI-Focused Functionality, 09 Dec 20. AdvIntel: Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike, 06 Nov 20. DHS CISA Reduce the Risk of Ransomware, 21 Jan: “The Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign today, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.” Read more. Convergence: The Cybersecurity and Infrastructure Security Convergence Action Guide describes the complex threat environment created by increasingly interconnected cyber-physical systems, and the impacts that this interconnectivity has on an organization’s cybersecurity and physical security functions. It also provides information that organizations can consider to adopt a holistic cyber-physical security approach through a flexible framework. Read more. PDF. 
And if you want to find out more about blended threats and convergence, check out some of our recent blog posts, including: Blended Threat Implications from Bombings like Nashville The Pandemic’s Blended Threats Impact to Healthcare Blended Threats: When Ransomware Kills… Blended Threats: That Time When Ransomware Shut Down Border Security… Blended Threats: Holding Buildings Hostage
January 25, 2021
The Cybersecurity Evangelist: EP6 - The ISAC Series, Part 2
This month, The Cybersecurity Evangelist talks with WaterISAC's Director of Preparedness and Response, Chuck Egli. The conversation ran a little longer than I like to aim for, but it's understandable given that Chuck and I work closely together in support of WaterISAC. Plus, with WaterISAC being one of the oldest ISACs, I'm quite certain they've earned the extra spotlight! After a much longer than normal opening comment (I sense a trend here) running down a list of many of the ISACs - (most of) which you can find on The National Council of ISACs' webpage at https://www.nationalisacs.org/member-isacs - Chuck and I talk about all the ways WaterISAC supports the security and resilience of the water and wastewater sector with an all-hazards approach (not just cyber). Chuck's parting thoughts: Look into your ISAC community or ISAO…there is one for you!! While many have membership models, so many of them offer information and assistance for the benefit of all toward the greater global good. For more information about WaterISAC, check out its webpage at https://www.waterisac.org/
January 12, 2021
The Risk Roundtable: EP 15. Nashville, Solar Winds and more!
The Risk Roundtable gang kicks off 2021 with two events that ended 2020 - the Christmas Day bombing in Nashville and the Solar Winds cyber event. Andy, Jen and Dave go through the incidents and look at the responses in each instance as well as what may come of it moving forward in 2021 though maybe no lizard people (Shoutout to "V"!). Then in the Roundtable Roulette, Dave brings up how to deal with dis/misinformation while Jen reminds everyone that new year doesn't mean that we can forget about our stable of cyber threats, most notably Ransomware which continued to evolve throughout the year. Finally, with it being a new year, the gang looked at personal and professional goals such as Dave's desire to read more, Jen completing her "she-shed" and Andy's desire to be more like Dave. Andy's reference to Russian Hacking: https://www.nytimes.com/2021/01/02/us/politics/russian-hacking-government.html
January 4, 2021
The Gate 15 Interview EP 7. A look at 2020, security, and the media with Runa Sandvik and Brad Barkett
In this episode of The Gate 15 Interview, Andy Jabbour enjoys a really fun talk with Runa Sandvik and Brad Barkett, two security veterans both with considerable experience working to secure media at some of America’s most well-known papers. In this podcast we discuss: 2020 and the cyber threat environment The threats facing media today The role of media in security What we might anticipate in the new year Among other topics! Runa and Brad share some candid perspective, and a few fun tidbits about themselves in this year-end discussion on the cyber threat environment, security issues, and the media. Please enjoy this episode of The Gate 15 Interview on Anchor, Apple, Spotify, as well as other locations. Runa Sandvik: Runa is a senior security researcher with years of experience in security and information sharing. Today, Runa works on digital security for journalists and other high-risk people. Her work builds upon experience from her time at The New York Times, Freedom of the Press Foundation, and The Tor Project. She is a board member of the Norwegian Online News Association, and tweets as @runasand. Brad Barkett: Brad is a 20-year security veteran, and has been working as a security architect for the Washington Post since 2015, with a background in telecoms, MSS, IDS, DDOS, firewalls, proxies. Currently, Brad has a preference for social topics like cyber anti-personnel, disinfo, OSINT, threat intel, social psychology, and social engineering. Long standing hobby interests include synthesis and electronic music, and more recently, being a relatively middling 40+ amateur folkstyle wrestler and nogi jiu-jitsu player. Brad has two brothers, Mike and JJ, who are also security professionals. A few references mentioned in our discussion include: · Ford Foundation Cybersecurity Assessment Tool. · Freedom of the Press Foundation · A new report from the Freedom of the Press Foundation: A record breaking number of journalists arrested in the U.S. 
this year · Updating how we think about security, INFILTRATE 2018, by Matt Tait
December 28, 2020
Nerd Out! Security Panel Discussion: EP 8. Looking back to look forward and holiday goodies!
In this year end Nerd Out Security Panel Discussion podcast, the gang takes a look at the events of 2020 and the impacts they had on individuals and organizations and attempted to pull out lessons to be learned as we get ready to kick off 2021. But before digging into the topics, Bridget shared some personal news related to the impacts of COVID. The group then built upon Bridget's moving account and discussed that while COVID obviously dominated the news, there were other security issues that caused disruptions and may have gone overlooked - or maybe not. The discussion then took a detour and went into some lighter, jovial discussions around food choices around the perfect holiday meal, the team passes out some security resolutions and reminders to focus on in the hope of starting 2021 on a better foot. Thanks to all the listeners and followers - 2020 gave us the opportunity to kick off this podcast channel and we look to keep security at the forefront of these discussions in 2021 and beyond! Happy holidays! Bridget's article can be found here: https://www.hstoday.us/subject-matter-areas/emergency-preparedness/my-mom-died-of-covid-19-and-disinformation-was-the-virus-accomplice/ Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Assistant Deputy Director, Critical Infrastructure Protection & Physical Security. Twitter: @dronin_on; email: firstname.lastname@example.org Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
December 22, 2020
The Risk Roundtable: EP 14. What security incident won the year?
Wrapping up a wild 2020, the Risk Roundtable crew looks at the security event or incident that took home the prize of most impactful. And no, COVID was not allowed! Was it "truth decay", domestic terrorism, ransomware, or any number of other incidents? The only thing that could be determined was that Dave was not getting any points for his submission. Then the gang played a little Roundtable Roulette and shared some of the areas that they would be looking at moving forward while also recognizing the courage of their teammate Bridget Johnson, who recently wrote about the passing of her mother from COVID (https://www.hstoday.us/subject-matter-areas/emergency-preparedness/my-mom-died-of-covid-19-and-disinformation-was-the-virus-accomplice/). Also discussed were security situations around the vaccine dissemination and holiday shopping scams....fa-la-la-la-oh no! References brought up in the show: Coveware: Ransomware Recovery First Responders. Q3 Ransomware Demands rise: Maze Sunsets & Ryuk Returns My Mom Died of COVID-19, and Disinformation Was the Virus’ Accomplice, December 3, 2020 Bridget Johnson // https://www.hstoday.us/subject-matter-areas/emergency-preparedness/my-mom-died-of-covid-19-and-disinformation-was-the-virus-accomplice/ COVID vaccines… WSJ Your Boss Can Restrict Your Holiday Plans in the Pandemic, https://www.wsj.com/articles/your-boss-can-restrict-your-holiday-plans-in-the-pandemic-11607301504 06 dec. Shopping scams… Jen’s fa-la-la post… Security Awareness – ’Tis the Season to be Scammy, Fa-la-la-la-la… 20 November 2020, https://faithbased-isao.org/security-awareness-tis-the-season-to-be-scammy-fa-la-la-la-la Rand: https://www.rand.org/pubs/research_reports/RR2314.html Gate 15 SUN: https://paper.li/gate15#/ - cold calls Thank you all for listening this year and we are excited to continue bringing up security matters and how they may impact organizations in 2021! 
We hope you all have a happy holidays and enjoy the time however you choose to celebrate. Stay safe!
December 8, 2020
The Gate 15 Interview EP 6. From Blended Threats to Pandemic Lessons Learned with REN-ISAC’s Kim Milford
In this episode of The Gate 15 Interview, Andy Jabbour talks with Kim Milford, the Executive Director of the Research and Education Network Information Sharing and Analysis Center (REN-ISAC) which is focused on aiding and promoting operational protection and response within the research and higher education (R&E) communities. In this podcast we discuss: • REN-ISAC, higher education and critical infrastructure • The higher education threat landscape • REN-ISAC Blended Threat Workshops • Higher ed security coordination • COVID-19 lessons learned • Emerging concerns for higher ed and critical infrastructure • And more! Kim Milford serves as Executive Director of the REN-ISAC, working with research and education institutions, partners, and sponsors to provide services and information that allow member institutions to better defend technical environments from cyberthreats. Ms. Milford oversees administration and operations for the REN-ISAC. Ms. Milford served in several roles leading strategic IT initiatives since 2007 at Indiana University. REN-ISAC: “The Research and Education Networks Information Sharing and Analysis Center (REN-ISAC) serves over 650 member institutions within the higher education and research community by promoting cybersecurity operational protections and response. REN-ISAC member institutions benefit from Security Event System (SES) threat intelligence and other automated data collection and sharing tools to enable informed decisions about threats and events, as well as peer assessment services to improve the institution’s overall security posture.”
Find out more about REN-ISAC, and access some of the items mentioned in our discussion below: REN-ISAC REN-ISAC: Higher Education Enterprise Risk Management Leadership, 06 March 2018 Security Spotlight: An Interview with REN-ISAC Executive Director, Kim Milford, 11 Jun 2018 REN-ISAC Workshops 2019 REN-ISAC Blended Threats Workshops: Read 2019 Report & Read 2019 Report Brief 2018 REN-ISAC Blended Threats Workshops: 2018 Final Findings Report & 2018 Final Findings Report Brief BT workshop pages, reports. Gate 15: Webinar Recording: Getting Started Now: Pandemic Preparedness After-Action Reports, 17 April 2020 Gate 15: Pandemic Preparedness: Start Your After-Action Report & Improvement Planning (NOW) 26 May 2020
November 23, 2020
Nerd Out! Security Panel Discussion: EP 7. Protests, Terrorism, Holidays and love for Chris Krebs!
In the latest episode of the Nerd Out Security Panel Discussion podcast the gang reviews the election and what didn't happen and how lessons can be learned from that as well as looking at the current state of protests and how faith-based organizations have been on the front lines of support as well as taking up action. Then the panel looks at the current terrorism threat and how that could impact the upcoming holiday season for stores as well as faith-based organizations. In the lightning round, the panel pays tribute to the OG Chris Krebs for his handling of the election and dis/misinformation, as well as tackling other topics. Security expert Rob Yandow joins host Dave Pounder, Bridget Johnson and Joe Levy this month! Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: email@example.com; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Rob Yandow is a security expert who is a former police officer and who works with the Faith-Based Information Sharing and Analysis Organization (FB-ISAO) and serves as the Co-Chair of their Business Resilience Group - website: https://faithbased-isao.org. Twitter: @RobYandow Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
November 17, 2020
The Cybersecurity Evangelist: EP 5 – The ISAC Edition, Part 1 (for Infrastructure Security Month)
For this November episode of TCE I’ve decided to take on National Critical Infrastructure Security and Resilience Month, Critical Infrastructure Security and Resilience Month, Critical Infrastructure Month, Infrastructure Security Month, whew! Actually, I’ve been almost as overwhelmed with responses from people wanting to be a part of this edition as I am with the litany of names given to this critical observance. That said, this edition/theme is likely to be in three or four parts so we can evangelize as many ISACs (and ISAOs) as we can! During this episode we get the ISAC party started with discussions from DNG-ISAC and MM-ISAC! Links to resources and organizations mentioned in this episode: Infrastructure Security Month https://www.cisa.gov/ismonth Critical Infrastructure Sectors https://www.cisa.gov/critical-infrastructure-sectors National Council of ISACs, list of member ISACs https://www.nationalisacs.org/member-isacs Downstream Natural Gas ISAC https://www.dngisac.com/ The Social Dilemma film https://www.thesocialdilemma.com/ Mining & Metals ISAC http://www.mmisac.org/ Perch Security https://perchsecurity.com/
November 10, 2020
The Risk Roundtable: EP 13. Finally, Critical Infrastructure has come back to RR!
At long last, and after countless suggestions, the team channels their inner "Rock" and brings Critical Infrastructure back to the Risk Roundtable. After discussing Critical Infrastructure Security and Resilience Month and some of the key threats facing critical infrastructures, Andy guides the team through some quick hits including Jorhena's appreciation for November also serving as Gratitude Month, or Dave Pounder Appreciation Month, Dave encouraging us to consider Security Mindfulness and Jen making sure we didn't forget any of the many threats facing Critical Infrastructure. And even though this was generally an "election free" podcast, be sure to catch Jorhena as she talked about election misinformation issues on Good Morning DC - link to follow. Plus someone is a little sensitive about Spookley the Square Pumpkin. Critical Infrastructure and Resilience Month: https://www.whitehouse.gov/presidential-actions/proclamation-critical-infrastructure-security-resilience-month-2020/ CISA Critical Infrastructure Security Resilience Guide: https://www.cisa.gov/sites/default/files/publications/Guide-Critical-Infrastructure-Security-Resilience-110819-508v2.pdf Media in Disasters and Emergencies: Social Media Working Group for Emergency Services and Disaster Management: https://www.dhs.gov/sites/default/files/publications/SMWG_Countering-False-Info-Social-Media-Disasters-Emergencies_Mar2018-508.pdf Andy's Election Blog - Elections Perspective: On November 4th, let us stand together as Americans: https://gate15.global/elections-perspective-on-november-4th-let-us-stand-together-as-americans/
November 3, 2020
The Gate 15 Interview EP 5: Elections Security 2020, with the FBI and the Elections Infrastructure ISAC
In this episode of The Gate 15 Interview, Andy Jabbour talks with Ben Spear, Director of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) and Al Murray, currently serving as the Assistant Special Agent in Charge over Cyber Investigations at FBI’s Washington Field Office (WFO). In our discussion we address: Recent election history and security issues; Threats to the upcoming 2020 election; What to expect on election day (and after); Words of wisdom for citizens and elections officials. Please enjoy this episode of The Gate 15 Interview on Anchor, Apple, Spotify, as well as other locations.
October 26, 2020
Nerd Out! Security Panel Discussion EP 6. Extremist Threats at Home and Abroad.
The Nerd Out Security Panel tackles the latest terrorist incidents in France as well as the disrupted plot in Michigan. There are a lot of valuable lessons learned from these incidents, as well as the recent revelations from the 2017 Manchester concert bombing. The group then goes rapid fire through some security topics to include concerns through the end of the year, security issues we may not be talking about, Edward Snowden, Magnum PI, Spencer for Hire and more. Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: firstname.lastname@example.org; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Vice President of Operations at Welund North America. Twitter: @dronin_on; email: email@example.com Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
October 20, 2020
The Cybersecurity Evangelist: EP4 – “Am I doing enough?” Part 2
Shay Trembley, Information Security Manager of South Blount Utility District, and I finish up the remaining 4 "P's of Basic Cybersecurity" - a timely topic in recognition of National Cybersecurity Awareness Month (NCSAM). We address passwords, privacy, patching, and protection, and include several of our personal favorite resources for cybersecurity awareness for everyone. Shay's final tip: she encourages everyone to speak up and share information. The more everyone shares information about the cyber threats and risks, or even suspected threats and risks, the better we will all be informed and #BeCyberSmart. In recognition of NCSAM, we individually listed a ton of resources to help businesses and individuals to #BeCyberSmart: https://staysafeonline.org/, including National Cybersecurity Awareness Month and other NCSA resources https://www.sba.gov/ https://www.cisa.gov/ https://www.cisa.gov/information-sharing-and-awareness (for more on Information Sharing and Analysis Centers) https://krebsonsecurity.com/ https://paper.li/gate15#/ https://www.sans.org/security-awareness-training/ouch-newsletter https://cybercrimesupport.org/ https://fraudsupport.org/ https://cyberreadinessinstitute.org/ https://www.idtheftcenter.org/ https://haveibeenpwned.com/ https://www.ic3.gov/ https://stopthinkconnect.org/
October 14, 2020
The Risk Roundtable: EP 12. Bring Your Own Topic.
Andy, Jen, Jorhena and Dave go through a plethora of security topics as they introduce the "Opening Shot", before digging deep into some trends they have noted across industries to include the ever-present cyber threats (hello ransomware), and social media threats, as well as touching on the upcoming elections. Then the team gets personal and talks about some of the things that have kept them busy over the past couple of months to include Jorhena's upcoming publication! Some references that were dropped during the pod: National Cybersecurity Awareness Month (NCSAM): https://www.cisa.gov/national-cyber-security-awareness-month https://staysafeonline.org/cybersecurity-awareness-month/ https://staysafeonline.org/cybersecurity-awareness-month/champions/view-all/ https://www.shodan.io/ Black Hills Information Security: Backdoors and Breaches Incident Response Game: https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/ FBI Social Media Threat Movie - The Nevernight Connection: https://www.fbi.gov/investigate/counterintelligence/the-china-threat/clearance-holders-targeted-on-social-media-nevernight-connection
October 6, 2020
The Gate 15 Interview: EP4. A look at Ransomware.
In this episode of The Gate 15 Interview, Andy Jabbour talks with Jeremy Kennelly, a manager and principal analyst on FireEye’s Mandiant Intelligence team focused on the analysis of financially-motivated cyber threat activity. In the discussion we address: • The history of ransomware; • Ransomware’s evolution from WannaCry to present; • The current threat environment and best practices; • Where ransomware could be going into the future and the idea of blended threats.
September 28, 2020
Nerd Out! Security Panel Discussion: EP 5. Discussing Venues
On this month's Nerd Out! Security Panel Discussion, Dave Pounder hosts Joe Levy, Bridget Johnson and Travis Moran to talk about venue security and what it means in the coming months with the upcoming election and various outdoor events. The group also talks about drones, wildfires, and touches on National Insider Threat Awareness Month (https://www.cdse.edu/itawareness/index.html#0). Joe Levy is the chairman of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: firstname.lastname@example.org LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Travis Moran is the Vice President of Operations at Welund North America. Twitter: @dronin_on Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
September 22, 2020
The Cybersecurity Evangelist: EP3 - "Am I Doing Enough?" Part 1
I am joined by Shay Trembley on the third episode of The Cybersecurity Evangelist (TCE). Shay and I discuss practical tips to the question “Am I doing enough?” We begin our chat with a very real-world incident that nearly cost a small-town water utility $3.2M in fraudulent wire transfers. Then we make a quick nod to two very “human-oriented” awareness initiatives before wading in to what I am calling on this episode, “the 5 P’s of basic cybersecurity” to help make sure you ARE doing enough! Resources discussed on this episode: KnowBe4 Mac Help for Mom (the content has not been updated in awhile, but is still useful for “mom” ;-) ) National Insider Threat Awareness Month National Cyber Security Awareness Month Sun Tzu’s The Art of War - For more discussion on The Art of War and cybersecurity, you might enjoy this post, Sun Tzu’s ‘The Art of War’ for Cybersecurity
September 18, 2020
The Risk Roundtable: EP 11. Protests and Security Awareness Months
In the latest episode of the Risk Roundtable, Andy leads Jen, Jorhena and Dave through a myriad of topics including the latest protest activity and what it means for organizations, as well as doing their part in promoting the latest Insider Threat Awareness Month, National Preparedness Month and the upcoming Cybersecurity Awareness Month. Protest activities can take on a life of their own and create challenges for organizations and their respective security teams. The team digs into how awareness and understanding can help them address these challenges that don't fit into the one-size-fits-all model of past protests. Resources: Insider Threat Awareness Month Scenario Cards: https://www.cdse.edu/documents/toolkits-insider/it-scenario-cards.pdf Insider Threat Awareness Month: https://www.cdse.edu/itawareness/index.html National Preparedness Month: https://www.ready.gov/september Cybersecurity Awareness Month: https://staysafeonline.org/cybersecurity-awareness-month/ What’s Your Plan? James DeMeo: https://jamesademeo.com Tesla Insider Threat Department Of Justice Announcement: https://www.justice.gov/opa/pr/russian-national-arrested-conspiracy-introduce-malware-nevada-companys-computer-network Cisco Insider Threat Incident: https://www.bankinfosecurity.com/ex-cisco-engineer-pleads-guilty-in-insider-threat-case-a-14917
September 1, 2020
The Gate 15 Interview: EP 3. Disinformation, Misinformation… Too Much Information!?!
In this episode of The Gate 15 Interview, Andy Jabbour talks with Michael Klein, a K-12 IT Director and a leader for CTI League’s Disinformation Team, and Lee Foster, Senior Manager, Information Operations Analysis, with FireEye Intelligence. The group discusses: What we mean by the terms “misinformation” and “disinformation;” Information operations with regard to the COVID-19 pandemic; Geopolitical and domestic political interests and issue manipulation; Election disinformation, past, present and future; Ideas on deepfakes and the use of Synthetic Media; And Andy manages to work in another musical reference.
August 24, 2020
Nerd Out! Security Panel Discussion: EP 4.
Join Dave, Bridget Johnson, Travis Moran, and Jon Crosson as they talk about the latest security matters. Following up on the last episode, the panel discussed the cancellations of NCAA conference fall sports seasons including the increasingly popular College Football schedule. That was a smooth transition into the innovative ways networks have covered sports and if there was any type of innovation to the security sector. Could organizations replicate security "fans" or "crowd noise" - is that even a thing? And then we looked at the challenges within the healthcare sector and talked about how mental health and a future vaccine could impact security or fuel conspiracy theories. Jon Crosson works at the Health-Information Sharing and Analysis Center (H-ISAC). Their website (h-isac.org) includes a paper on information sharing best practices. Travis Moran is the Vice President of Operations at Welund North America. Twitter: @dronin_on Bridget Johnson is the Managing Editor for Homeland Security Today. In addition to her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/o/homeland-security-today-30028526516). Twitter: @BridgetCJ
August 18, 2020
The Cybersecurity Evangelist - Demystifying Cybersecurity Myths - Part 2
This month we are airing part two of the inaugural episode of The Cybersecurity Evangelist where Travis Farral and I finish demystifying cybersecurity myth #2 and #1. Listen to find out where the term “hacking” came from, and more about different types of “hackers”…including the good ones. Travis and I also give a quick nod to our inner geek. We wrap up the discussion with how we are ALL targets of opportunity - even if we don’t have an online presence - and why it is important to overcome the “it won’t happen to me mindset.” Finally, Travis leaves us with his final thought: spend a few minutes trying to educate yourself on ways you can protect your family.
August 11, 2020
The Risk Roundtable: EP 10 - Geopolitics, Partnerships and Information Sharing
On the latest Risk Roundtable, the Gate 15 team discusses geopolitics and the impacts they have had on businesses around the world. Listen to Andy, Jorhena, Jen and Dave then get into partnerships and the need to rely on trusted relationships and information sharing. But they couldn't escape COVID and they weighed in on the impact it has had on sports leagues while hearing Andy's hope for his favorite football team.
August 4, 2020
The Gate 15 Interview: EP 2
In the newest episode of The Gate 15 Interview, Andy Jabbour talks with Errol Weiss, Chief Security Officer with the Health Information Sharing & Analysis Center (Health-ISAC). In their discussion Errol and Andy discuss the evolving cyber threat landscape - from those aimed at the healthcare community, the development of blended threats, ransomware, some of the cybersecurity challenges relating to COVID-19, and more. They also talk about the benefits and challenges of information sharing and collaboration, and what it takes to make it successful.
July 27, 2020
Nerd Out! Security Panel Discussion: EP 3
In the latest episode, Dave is joined by Bridget Johnson, Travis Moran and Chuck Eglic to talk over the latest security matters. Teeing up with sports in the world of COVID, the group then "nerds out" about drones of the suicide variety, extremism and disinformation. Some references mentioned in the pod: Bridget's article on conspiracy theories: https://www.hstoday.us/subject-matter-areas/counterterrorism/conspiracy-theory-extremism-when-viral-claims-turn-dangerous/ START Report: https://mailchi.mp/start/new-radicalization-data-358122?e=b787119265 Drones: https://www.thedrive.com/the-war-zone/34414/we-talk-killer-drones-and-the-future-of-unmanned-warfare-with-aerovironments-steve-gitlin
July 22, 2020
The Cybersecurity Evangelist: EP 1 - Demystifying Cybersecurity Myths
Welcome to the inaugural episode of The Cybersecurity Evangelist - a cybersecurity podcast for everyone. On the last Gate 15 Risk Roundtable (Ep 9), I alluded to following up on the topic of ransomware for this first episode. But after some deliberation, I thought a better place to start a new podcast on cybersecurity and how it is relevant to everyone, was to myth bust some commonly held beliefs. This episode is part 1 of 2, where I phish for answers by demystifying some myths with help from Travis Farral, including how cybersecurity is more than just a technology/computer problem, how increasing your cyber hygiene and security posture does not have to cost a lot of money, and how easy it is to buy a kit or an application if you are looking to launch your miscreant career! Some great resources mentioned in today's episode to help you understand more about the cyber threats that we all face everyday and to help you increase your cyber hygiene include: Verizon's Data Breach Investigation Report (DBIR) Center for Internet Security (CIS) Critical Security Controls
July 21, 2020
The Risk Roundtable: EP 9
The people have spoken! The Gate 15 Pod has now become the Risk Roundtable. In this episode the gang is back at it again. Andy, Jorhena, Jen and Dave talk about extremism going mainstream, the continuously evolving threat of ransomware (double extortion, cartels, and encryption), as well as issues with reopenings around the world and the possible security implications. So much to get into that you may miss Jen pushing her new podcast - The Cybersecurity Evangelist (out next week!). Plus Jorhena giving a shout out to a co-worker.
July 7, 2020
The Gate 15 Interview: EP 1
In this inaugural Gate 15 interview podcast, Andy Jabbour talks with Jorhena Thomas on her recent post “Intel Community, Our Turn is Coming,” as they discuss informed, inclusive analysis as well as related thoughts on current racial tensions, protests, biases, the threat environment, and how we, as individuals and as a community, can strive towards being our best.
June 25, 2020
Nerd Out! Security Panel Discussion: EP 2
Nerd Out is stepping out on its own. Dave Pounder is taking his band of merry men and women to discuss various security topics and show their true “nerd” related to security matters. In this episode Dave is again joined by Andy Jabbour and Travis Moran and they welcome in Tamara Herold to discuss the latest protests, what some of the takeaways are related to impacts on organizations and where protests in general go from here. Our Panelists: Tamara D. Herold, Ph.D., Associate Professor, Graduate Director, University of Nevada, Las Vegas (UNLV) Director, Crowd Management Research Council Department of Criminal Justice Travis Moran, Welund North America Vice President of Operations Email email@example.com | Website www.welund.com | twitter: @dronin_on Andy Jabbour, The Gate 15 Company Managing Director / Founder twitter: @gate_15_analyst David Pounder, The Gate 15 Company twitter: @dpounder
June 9, 2020
The Risk Roundtable: EP 8
In this episode Andy, Jen and Dave welcome Jorhena Thomas to the pod to discuss protests, disinformation, reopening and what impacts they may have on organizations. The team also banters about naming the pod and shares a little “inside baseball” hurricane poll even though Andy doesn’t care much for baseball.
June 1, 2020
Nerd Out! Security Panel Discussion: EP 1
In this new episode we bring the Gate 15 Pod crew together to discuss security concerns around the re-opening of many businesses around the world, on both the physical security and cyber security sides.
May 18, 2020
The Gate 15 Pod: EP 7
In this episode Andy, Dave and Jen discuss Ramadan, the infodemic, as well as the impacts of the re-opening / re-entry of businesses around the world. The team then wraps it up with a couple of thoughts on hurricanes and National Hurricane Preparedness Week.
May 5, 2020
The Gate 15 Pod: EP 6. Pandemic Preparedness After Action Reports Webinar
In this episode Gate 15 shares a webinar led by Casey Ateah, Gate 15’s Director of Preparedness, Andy Jabbour, Gate 15 Managing Director and including David Pounder, Gate 15 Director of Threat and Risk Analysis. In this webinar, the Gate 15 team discusses why often, many organizations don’t do a great job of completing a deliberate after-action review process or developing effective after-action reports (AARs) after incidents, from small-scale events to significant threats, such as the current COVID-19 pandemic. The webinar covers topics such as how to get started on an AAR process by identifying the needed resources and getting those resources to conduct the necessary analysis in order to draft an After-Action Report and Improvement Plan. Andy also shares some thoughts on the importance of preparedness and imagination when working towards personal, organizational and national resilience.
April 27, 2020
The Gate 15 Pod: EP 5
This will be the first in a new podcast offering from The Gate 15 Company. In this episode we welcome security experts Bridget Johnson and Travis Moran as well as Gate 15 Managing Director Andy Jabbour to talk about terrorism, extremism, drones and surveillance measures in the COVID world. Bridget: Homeland Security Today - Twitter: @bridgetcj. HS Today is hosting a webinar on 23 April on domestic extremist motivations, targets and tactics. Travis: Vice President of Operations, Welund North America, firstname.lastname@example.org - Twitter: @dronin_on
April 15, 2020
The Gate 15 Pod: EP 4
There is a lot of information out there related to COVID. Aside from initial reactions, the team looks ahead to what’s next and how do we start preparing to handle incidents in a COVID world.
March 30, 2020
The Gate 15 Pod: EP 3
So much can change in a month. Last month we touched on COVID-19, and this episode we dig more into questions about preparedness and the resulting cyber scams associated with it. Then we transition to other cyber issues, specifically Business Email Compromise and phishing.
March 5, 2020
The Gate 15 Pod: EP 2
Episode 2. Today we talk nCoV. What do you need to know, and should you be concerned? We also talk about how events like nCoV could lead to scams. Finally we hit building security and the latest terrorist / extremist activity.
February 3, 2020
The Gate 15 Pod: EP 1
Episode 1. Looking back at the security challenges in 2019 and ahead to what we may expect in 2020. Join Andy Jabbour, Jennifer Lyn Walker and David Pounder.
January 9, 2020