Automotive Cybersecurity Risks
Episode S3E12 features an informative conversation with Slava Bronfman, the Co-founder and CEO at Cybellum. Cybellum is a global leader providing integrated cyber solutions for the leading device manufactures, including automobiles. We discuss the cybersecurity risks associated with the automotive industry and what can be done to mitigate those risks. In his role as CEO at Cybellum, Slava is responsible for the business, sales, and marketing operations, working with manufacturers and asset owners worldwide on implementing risk assessment solutions. He served as an officer in Israel’s elite intelligence corps unit 8153 in a leading product management position and holds an M.Sc. In Computer Science, Cum Laude, and a B.Sc. in Information Systems, Cum Laude. Join us for this fascinating episode and enjoy the conversation.
October 25, 2021
Smartphone-related Security Threats
In Episode S3E11 our guest is Dr. Bill Anderson, President of CIS Mobile. Dr. Anderson is a security industry executive with extensive leadership experience founding, funding, and operating security software companies. He has previously served as Vice President, Technology Investments at Allied Minds where he managed a portfolio of information security, quantum, and semiconductor design companies. Bill has held executive roles in product management and marketing at several public and private technology companies and is an expert on security in the mobile ecosystem. During this fascinating conversation, Bill gives us an overview of some current and recent threats related to smartphones and explains some of the methods government users have historically used to protect against smartphone-related threats - and the challenges with those methods. To wrap it up, Dr. Anderson give us some very specific recommendations for protecting government users of commercial smartphones. If you use a smartphone, and who doesn't, you are sure to find this episode interesting.
October 4, 2021
What the Future Holds for the “New” Workplace
In Episode S3E10, our guest is Julian Lovelock. Julian is currently Vice President of the Global Business Segment responsible for workforce identity management solutions at HID Global. Part of his role includes sparking new innovation leading to the development of new products and services. Julian moved to the United States from London in 2006 following the acquisition of ASPACE Solutions, where he was CTO and co-founder. He holds a Bachelor of Engineering in Electrical and Electronic Engineering from the University of Aston, UK. We discuss the idea of identity being the new perimeter, and Julian explains what it means to digitally transform the management of identities and the associated cyber and physical access credentials for the workplace. Julian walks us through some of the current technological trends for authentication and some of the best practices in securing workplaces and networks. Don't miss this informative interview with Julian Lovelock, Vice President of Global Business Segment at HID Global.
September 7, 2021
Industry IoT Consortium's Trustworthiness framework foundations
In Episode S3E9 we depart from our normal format and interview four guests at once. The panel for this episode is made up of Karen Quatromoni, the Director of PR at Object Management Group, and three co-chairs of the Trustworthiness Task Group for the Industry IoT Consortium, they are: Marcellus Buchheit - Co-founder and Chairman of the Board at WIBU-Systems. Frederick Hirsch - An independent consultant in the area of trustworthiness and security. Bob Martin - Leads the supply chain and security efforts within MITRE, a non-profit organization that runs federally funded research and development centers. We discuss the business need and context for trustworthiness and how it relates to safety and security, what a trustworthy supply chain means and how companies can gain assurance of trustworthiness from their downstream partners, IICs Trustworthiness Framework, and more. Please join us for this informative and relevant conversation around trustworthiness, safety, and security.
August 23, 2021
10 keys to preventing ransomware
In Episode S3E8, our guest is Corey Nachreiner, Chief Security Officer at WatchGuard Technologies. Corey is a front-line cybersecurity expert for nearly two decades; he regularly contributes to security publications and speaks internationally at leading industry trade shows like RSA. He has written thousands of security alerts and educational articles. Corey is the primary contributor to the Secplicity Community, which provides daily videos and content on the latest security threats, news, and best practices. A Certified Information Systems Security Professional (CISSP), Corey enjoys "modding" any technical gizmo he can get his hands on and considers himself a hacker in the old sense of the word. In this fascinating conversation, Corey discusses the current state of ransomware as we delve into what double and even triple extortion attacks mean to businesses. Corey provides ten important and valuable keys for preventing ransomware. Don't miss this exciting and informative interview with Corey Nachreiner, CSO at WatchGuard Technologies.
August 16, 2021
Cybersecurity Awareness Training - Why It Works
In Episode S3E7 our guest is Zack Schuler. Zack is the founder and CEO of NINJIO – a global cybersecurity awareness company that teaches employees and their families how not to get hacked. Zack is an authority on cybersecurity, employee engagement, and related tech issues. He has written for Forbes, HR Dive, Dark Reading, and many other outlets. In this fun and entertaining episode, we discuss where the idea for NINJIO came from and how it got started. Zack gives us an overview of the various cybersecurity training programs NINJIO offers. They cover more essential topics than you might think. We spend some time talking about the importance of developing a culture of cybersecurity awareness within companies, and Zack offers some great ideas about how leaders can accomplish just that. If you'd like to learn more about cybersecurity awareness training and how it can help you at work and home, don't miss this episode of the Brilliance Security Magazine Podcast.
July 19, 2021
In Episode S3E6 our guest is Brian Hajost, President and Founder of SteelCloud, a company that develops technology for automated remediation of endpoints to effectively meet compliance mandates. In this fun and informative conversation, Brian delves into what it means for organizations to meet the various compliance mandates they are subject to. He addresses the Cybersecurity Maturity Model Certification (CMMC) and how enterprises can automate remediation of their endpoints. A little about our guest: Brian Hajost is the President & CEO of SteelCloud, a company that develops technology for automated remediation of endpoints to various security benchmarks. Brian’s technical career has spanned over thirty years, primarily with leading-edge technologies in regulated industries. He holds eight patents in IT security and two patents in mobile security. He is an active contributor to the DC Chapter of the Armed Forces Communications and Electronics Association (AFCEA), currently serving a board member.
June 14, 2021
The Importance of Encryption in Today’s Data-dependent World
In Episode S3E5, we talk with Purandar Das, CEO and Co-Founder at Sotero - Sotero offers the first field-level, universal data protection platform. We talk about the importance of data, the data lifecycle, and why it is essential to encrypt data at each stage of the lifecycle. We discuss the idea of data time-to-value, and why it is important, and the current state of today's encryption technologies. Join us for a fascinating conversation. Purandar Das is an experienced executive with a demonstrated history of success in the information technology and services space. He is skilled in Technology & Business Development. He is experienced in Enterprise Software, Enterprise Architecture, Agile Methodologies, and Customer Relationship Management (CRM). He was formerly the CTO at Infogroup, MobileMessenger, and Epsilon.
May 17, 2021
Application Security: the Importance of Collaboration, Automation, and Infrastructure as Code
In Episode S3E4, we talk with Abhay Bhargav, founder of we45 - an Application Security Company and he is also the Chief Research Officer of AppSecEngineer - a hands-on online training platform for AppSec, Cloud-Native Security, Kubernetes Security, and DevSecOps. We talk about why it's important to foster a culture of collaboration between security and engineering teams, and what can happen if you don't collaborate. We discuss the role of automation in DevSecOps and how it can be implemented. Finally, we touch on Infrastructure as Code (IaC). Please join us for an interesting conversation. Abhay Bhargav started his career as a breaker of apps, in pen testing and red-teaming, but today is more involved in scaling AppSec with Cloud-Native Security and DevSecOps He is a pioneer in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to this, Abhay is active in his research of new technologies and their impact on Application Security, specifically Cloud-Native Security.
April 19, 2021
Cybersecurity for Physical Access Control in the Cloud
In Episode S3E3, we talk with Kim Loy, Chief Product Officer at ACRE, a global networking and security solution leader. We probe whether cloud-based physical access systems have lived up to their expected adoption by end-users. We look at some of the potential cybersecurity risks associated with exposing physical access data and controls to the internet and discuss how these concerns have been addressed. Kim offers a view of the Cloud Security Shared Responsibility model from a physical access control perspective. Join us for a fascinating and informative discussion with Kim Loy, who has more than 25 years of security industry senior management experience and has achieved significant success within a wide variety of global enterprises. As Chief Product Officer for ACRE, Kim is responsible for overseeing the company’s brands, strategic product planning, and cybersecurity strategy. In addition, Kim provides direction for messaging strategy and communications development. Prior to her role at ACRE, she served as the Director of Technology and Communications for Vanderbilt International in Dublin, Ireland, where she managed the global R&D, Product Management, and Marketing Communications teams. Kim has held senior positions with GE Security, G4S, Xtralis, and Pelco by Schneider Electric. These global positions have provided her with extensive international experience, including time living in England, France, Belgium, and Ireland. Kim also serves on the Security Industry Association Board of Directors.
March 29, 2021
Zero Trust for Open Banking
In Episode S3E2 we talk with Jasen Meece, CEO at Cloudentity — a cloud-based provider of dynamic fine-grained authorization and governance solutions. We dive into zero trust for open banking APIs and uncover some of the threats associated with that market. We look at a new partnership just announced between Cloudentity and Axway, a leading API integration platform provider. With previous roles at Oracle, KPMG, and IBM, Jasen has 20+ years of leadership experience in IT driving both internal and external facing organizations. Jasen is a dynamic, results-oriented executive who leverages technology products and services to achieve business value-based transformation.
March 15, 2021
Potential Security Risks Within Legacy Databases
In Episode S3E1 we talk with Greg Wendt, Executive Director of Security at Appsian. The focus of the conversation is data and compliance as it relates to Enterprise Resource Planning (ERP) software. We uncover some of the potential security risks associated with legacy databases and what can be done to protect sensitive data in a post-COVID world. Greg Wendt is an Oracle® PeopleSoft security expert. During his 23-year career, he has been recognized as a leader in data security, application architecture, and business operations. He served as an ERP Application Architect at Texas Christian University where he was responsible for TCU’s PeopleSoft system and was Chairman of the Higher Education User Group’s multinational Technical Advisory Group (HEUG TAG). Greg has led criminal justice and cybersecurity courses focusing on hacking techniques.
January 22, 2021
Benefits of Using FIDO Authentication
In this episode, we examine Fast ID Online (FIDO) standards-based authentication that ends reliance on passwords, protects user credentials, and resists phishing attacks. FIDO supports the remote pandemic-era workforce by ensuring critical data residing on home-based systems and mobile devices remains secure and uncompromised. Our guest, Steven Humphreys, CEO of Identiv, answers questions such as: Why are home networks so much more vulnerable to malicious attacks than corporate networks? Why is the use of passwords no longer advisable? What devices are FIDO2 security keys compatible with? Join us for a fascinating conversation that may change how you authenticate online.
December 15, 2020
Security and Compliance for Today's Collaboration Tools
In this episode, we take a look at how companies can protect sensitive data while using modern collaboration tools. Our guest is Devin Redmond, CEO, and Co-Founder of Theta Lake, the recognized leader in collaboration security and compliance for Cisco WebEx, Microsoft Teams, RingCentral, and Zoom. Listen to learn how Theta Lake’s AI helps security and compliance teams more effectively scale their risk detection and the workflows for communication security, data loss protection, and supervision of modern video, voice, and unified collaboration systems.
December 7, 2020
The Cybersecurity Poverty Line and the Nine Cybersecurity Habits to Protect Your Future
In Episode S2E20, we examine the cybersecurity poverty line and its relationship with the industry-wide skills gap. We talk with George Finney, a CISO that believes people are the key to solving our cybersecurity challenges. We discuss the habits organizations need to create to build a culture of cybersecurity awareness. George talks about his new book, Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future. You won't want to miss this fascinating discussion.
November 30, 2020
2020 State of Virtual Appliance Security Report
Thousands of virtual appliances are being distributed with known, exploitable, and fixable security flaws and often on outdated operating systems. Organizations depend on virtual appliances for securing cloud workloads, firewalls, secure gateways, and encryption. To help the cloud security industry keep pace with demand, Orca Security released the “2020 State of Virtual Appliance Security Report,” which analyzed 2,218 virtual appliance images from 540 software vendors for known vulnerabilities, to identify risks and provide an objective assessment score and ranking. As the enterprise migrates to the cloud at a rapid pace, the security of virtual appliances has fallen dramatically behind. In this episode, we talk with Yoav Alon, Chief Technology Officer at Orca Security, and examine what went into creating this report and some of its top findings.
November 23, 2020
Mobolize and Akamai Enable Security on Mobile Devices
Mobolize, the recognized leader for providing an on-device Data Management Engine that provides security, connectivity, and optimization on mobile devices, recently announced a partnership with Akamai, the intelligent edge platform for securing and delivering digital experiences, to offer security to mobile devices for enterprises. The addition of mobile protection adds an extra layer of proactive security controls and threat protection to quickly and uniformly block malicious web traffic for the growing use of mobile devices as employees work from home. In Episode S2E18 we explore this new partnership as we speak with Colleen LeCount, Chief Revenue Officer at Mobolize, and Tim Knudsen, VP Product for Enterprise Security Products at Akamai. We uncover how this relationship will affect security and device performance for enterprise mobile device users.
November 10, 2020
Converging Fraud, Risk, and IT Teams
Episode S2E17 is an informative discussion about how financial institutions are fairing in their quest to converge fraud, risk, and IT teams. We look at the state of the financial industry as it relates to fraud and how the pandemic has affected financial institutions. We examine some of the pain points banks suffer as they attempt to converge risk management solutions as well as the benefits of this convergence. As our guest, we have Matt Tengwall, the General Manager of Verint Fraud & Security Solutions. He shares his unique insight into how technology often leads the way as financial institutions grapple with fraud, risk, and IT convergence.
October 26, 2020
Cashless Payment Services and Preventing Fraud
In episode S2E16 we talk with Eric Solis, the CEO of MovoCash, and discuss how consumer demand for cashless payment is changing society and how financial institutions can offer competitive digital services while preventing fraud. We examine the "state of the industry" as it relates to cashless payments and bank fraud. We talk about the need for new banking standards and look at whether or not a government-backed digital dollar is a good idea. Eric describes a better way of making cashless payments than just handing over a credit or debit card number that gives merchants access to your entire credit limit or bank balance.
October 19, 2020
Cybersecurity and Compliance Challenges Faced by SMBs, with Karen Walsh
In episode S2E15 we have a fascinating discussion with author and compliance expert, Karen Walsh. We dive into some of the cybersecurity and compliance challenges faced by small to medium-sized businesses. Karen shares her expert insight into what SMBs need to know to protect their data, stay in compliance, and understand what is really important. In her characteristically charming way, she sorts through some of the industry's hyperbole and rhetoric to expose some simple cybersecurity and compliance truths. Karen is working on a new book and offers some insights into what we can expect when it is published.
October 12, 2020
Designing 360° Cameras with Cybersecurity In Mind
From adopting secure configurations with measures to protect and control access to cameras, to managing security threats with vulnerability scans during integration, and even ensuring the integrity and security of products over the supply chain with regular audits, in episode S2E14 we talk about designing 360-degree surveillance technology with the cybersecurity needs of end-users in mind. Our guest is Jon Marsh. Vice President of Product at Oncam. Jon is responsible for Oncam’s overall product development. He spearheads the technology, design, and delivery of products, and ensures that the development of new solutions fit customer needs. Join us for an interesting conversation about what camera manufacturers can and should be doing to protect their end user's network.
October 5, 2020
A Discussion about Security by Design with Arcules and Milestone Systems
In episode S2E13 we talk with two experts about how physical security solutions must be designed with cybersecurity in mind. You can think of this as security for security. Nigel Waterton is Chief Revenue Officer, for Arcules, and Tim Palmquist is Vice President Americas, for Milestone Systems. Together we uncover some interesting ways that Arcules uses the concept of Security by Design to bake cybersecurity elements into their cloud-based physical security solutions. We also talk about the unique relationship between Arcules and Milestone Systems. A relationship that provides each company with strategic advantages in the marketplace.
September 28, 2020
How We Can Effectively Restart Operations While Protecting Our Employees’ and Citizens’ Health and Safety
To say that the COVID-19 pandemic has disrupted operations around the world is the understatement of the decade. That being said, businesses and governments are under mounting pressure to restart their operations as quickly as possible. With social distancing and other measures helping to curtail the spread, organizations are turning their attention to a critical question: “How do we effectively restart operations while protecting our employees’ and citizens’ health and safety?” In episode S2E12 we talk with Alan Stoddard, Vice President and General Manager, Verint Situational Intelligence Solutions. He says adjusting to these new conditions demands a pragmatic approach that addresses the potential risk to employees in various environments while also delivering a degree of confidence to customers that an organization is taking a meaningful, proactive posture to keep people safe and healthy. Also, as circumstances change, obtaining the insight to adapt to those changes, and implementing workplace health and safety tools are crucial for businesses to stay one step ahead and remain agile.
September 21, 2020
API Protection - The Overlooked Business Continuity Strategy
From financial services to education, nearly every industry relies on API feeds to remain competitive and generate revenue. In S2E11 former team leader of an elite Israeli Defense Forces (IDF) cyber unit and current CEO of Salt Security, Roey Eliyahu, cautions that API security must be part of an organization’s business continuity strategy. If left unprotected, a breach could have catastrophic repercussions for both revenue and brand reputation. Listen to this episode to hear Roey explain how attackers choose which APIs to target, how they execute attacks, and how to protect against these threats.
September 14, 2020
Security Culture Report Finds a Large Gap Exists Between the Best and Worst Performers for Security Culture
In Episode S2E10 we talk with Perry Carpenter, Chief Evangelist, and Strategy Officer with KnowBe4. We discuss KnowBe4’s new research arm, KnowBe4 Research, and their first Security Culture Report that was recently released. In the 2020 “Security Culture Report”, data was collected from 120,050 employees in 1,107 organizations across 24 countries. There were a total of 17 industry sectors examined in detail. Results from this year’s report revealed a large gap between the best performers and the poor performers when it comes to security culture. The best performers were from Banking, Financial Services, and Insurance and the worst performers were from Education, Transportation, and Energy & Utilities. Security culture varies across industries. In the industry comparison report, all industries were compared according to their security culture scores and across each of the seven dimensions (Attitudes, Behaviors, Cognition, Communication, Compliance, Norms, and Responsibilities) of security culture. Download a copy of the report here.
September 7, 2020
Shadow Code: The Hidden Risk to Your Website
In Episode S2E9 we talk with Ameet Naik a security evangelist at PerimeterX. PerimeterX, a leading provider of application security solutions that keep digital businesses safe, recently released “Shadow Code: The Hidden Risk to Your Website.” This second annual survey of security professionals uncovers the extent and impact of third-party scripts and open-source libraries used in web applications across organizations. Join us for this fascinating discussion about Shadow Code and why it is a problem for developers.
August 31, 2020
Shoring Up Security in a WFH World
In Episode S2E8 we talk with Zeev Draer, vice president of corporate strategy for Niagara Networks, and we discuss some steps corporations can take to shore up their security posture in this new “work from home” world we find ourselves in. Zeev describes for us some of the operational differences between attackers and defenders - and why is that important.
August 24, 2020
COVID-19’s Impact on Business Security
In Episode S2E7 we have a delightful conversation with Adam Kujawa, Director of Malwarebytes Labs. Adam talks about Malwarebytes' insightful new report that was released on August 20, 2020. This report, titled "Enduring from Home: COVID-19’s Impact on Business Security," combines Malwarebytes telemetry with survey results from 200 IT and cybersecurity decision-makers from small businesses to large enterprises to unearth new security concerns in remote work environments. You'll not want to miss this episode, as Adam lays out some of the more interesting findings from this important report.
August 20, 2020
The State of DDoS Weapons
DDoS attacks continue to grow in frequency, intensity, and sophistication. Listen to this episode of the Brilliance Security Magazine Podcast to learn more about why DDoS attacks are increasing and what can be done. In Episode S2E6, we discuss the new A10 Networks report on the State of DDoS Weapons. Our guest is Paul Nicholson, Senior Director of Product Marketing for A10 Networks. Paul walks us through why this report is essential to the industry and the methodology used to collect the data reflected by the report's findings. We review many of the more interesting and significant results that can be found in the report.
August 17, 2020
What You Need to Know About Leakware
It’s no secret that cybercriminals are always upping the ante, but while ransomware is still in the spotlight, it's even more devastating cousin, leakware, doesn’t receive as much attention. In this episode, we talk with Nir Gaist, a senior information security expert and ethical hacker to learn more about leakware - what it is, how cybercriminals are leveraging it to increase ransom payments, and what can be done to prevent it.
August 10, 2020
Account Takeover Fraud
S2E4 is an exciting discussion with Will LaSala, the Director of Security Solutions, Security Evangelist, at OneSpan. Will offers his expertise to examine account takeover fraud, what it is, how it works, and how to avoid it. Recent news reports indicate that 15 Billion consumer credentials were found for sale on the dark web. And about 25% of the leaked credentials include account information related to banking and other financial services – making it extremely easy for hackers to conduct account takeover attacks on consumers’ financial accounts. Coupled with the current remote work conditions, consumers are prime targets for financial-related cyber-attacks in the coming weeks.
August 3, 2020
2020 State of the Public Cloud Security Report
S2E3 is a discussion with Avi Shua, Co-Founder and CEO of Orca Security. Avi takes us through some of the more interesting findings of this new industry report. This study shows that public cloud environments are rife with neglected workloads, authentication issues, and lateral movement risk The world of cybersecurity isn’t fair. Security teams need to secure everything, but attackers need only find one weak link. For most organizations, cloud workload security is dependent upon the installation and maintenance of security agents across all assets. This rarely happens, as this report shows. Listeners can download this complete report at: https://info.orca.security/2020-state-of-public-cloud-security-report
July 28, 2020
Essential COVID-19 Supplies via the Darknet
S2E2 is an in-depth look at how and what supplies, essential for preventing and treating COVID-19, end up on the darknet. We interview Dr. David Maimon, an Associate Professor in the Department of Criminal Justice and Criminology at Georgia State University. Dr. Maimon is engaged in a year-long study, funded by the National Science Foundation, which will allow researchers in Georgia State University’s Evidence-Based Cybersecurity Research Group (EBCS) to examine threats related to the sale of critical COVID-19 supplies via darknet markets.
July 28, 2020
IoT Revolution Leads to Increased Risk of Cyberattacks
Episode S2E1 is a fascinating interview with Hardik Modi from NETSCOUT. We talk about the IoT revolution and some interesting findings from NETSCOUT's latest industry report.
July 21, 2020
A Security Report Worth Reading
In this episode we talk about the new Malwarebytes 2020 State of Malware report and why I think you should read it.
February 11, 2020
Applying High Tech Security Technology for SMBs
Security technology will allow us to implement some pretty amazing defenses. The brightest technology minds around the world examine new and existing threats and vulnerabilities. Each new exploit brings the industry’s defensive methods and strategies to a sharper point. One of the practical problems that continually surfaces in security technology is one of application. It does little good to devise highly technical defensive solutions if they are, in the end, too complicated for average businesses to deploy and manage. Listen to what we learned about one company that addresses this problem every effectively.
January 30, 2020
Brilliance Security Magazine's Inaugural Foray in the World of Podcasts
Due to reader suggestions and the growing popularity of podcasts, we are adding this medium to Brilliance Security Magazine. Here you will find short but informative podcasts designed for security professionals and those interested in cyber and physical security.
January 27, 2020