Bill Murphy's RedZone Podcast | World Class IT Security

World Class IT Security – Strategic and Tactical Thought Leadership, Advanced Topics for Top IT Leaders: Innovation, Ideas, Creativity, Neuroscience of Optimal Performance – Fearlessness Living Principles.
Now displaying: December, 2015
Dec 18, 2015

Today I had an interesting conversation with Ken Westin. Ken is commonly referred to as ‘The Good Hacker’ and has spent the past 15 years working with law enforcement and research teams to analyze current and emerging threats to determine how our everyday products and gadgets can mitigate these threats.

He is regularly consulted as a subject matter expert in security, privacy and surveillance technologies.

In our industry people do a lot of talking about wanting to stop cyber security threats and about developing technologies they hope will stop them, but you rarely come in contact with people who have demonstrated a track record of thwarting and mitigating attacks and bringing the people behind them to justice.

This episode is sponsored by the CIO Scoreboard

What you will learn from this interview:

  1. The secret lives of applications that live on our phones. What information are these apps gathering that we’re not aware of, and where exactly is that information going? How can this information be used against us, and why are these data harvesting protocols not mentioned in the privacy policy or terms and conditions of many apps?
  2. Black Hat tools and where to find them to see what your adversary sees about YOU!
  3. Questions that Boards should ask about what information they are tracking about customers
  4. The importance of education and security
  5. Efficacy and relevance of Cyber Liability Insurance
  6. The Cybersecurity elephant in the room: companies tracking and selling our private information
  7. Orchestrating threat intelligence by automating and tracking compliance workflows
  8. The importance of Data Security Analytics
  9. If you are not investing in a product or app then you are the product

How to get in touch with Ken:

Twitter

LinkedIn

About me Profile

RSA Profile

RSA Conference Session – Killing the Kill Chain

LinkedIn Published Articles

Ken’s podcast at the Tripwire site that I enjoyed

BBC article – “I’m a professional cyberstalker”

Mobile Privacy articles

Defcon Talk: Confessions of a Professional Cyber Stalker

Resources Mentioned:

USBhacks

ID Experts – Radar product – Helps with high-profile breach cleanup cases

Kali Linux Distribution

Offensive Security

Tripwire – Automation of Security Compliance + Workflow

OpenDNS

Passive Reconnaissance

Maltego

Tripwire

STIX

TAXII

FS-ISAC

Soltra

Bill’s interview with Aharon Chernin, CTO of Soltra


Summarized Show Notes:

  • How Ken got started in the technology world and different technology he developed to aid in theft recovery
  • Empowering people with technology. Criminals take the fun out of technology, dealing with hackers in particular. Ransomware - impact on business. Consumers are now able to defend themselves in a hostile environment
  • Being knowledgeable about what is possible and raising people’s awareness makes a difference.
  • One of the biggest threats right now is marketing departments that develop spyware and gather information through apps, ad libraries. A lot of information is being harvested from our phones
  • If you’re not paying for the product, you are the product
  • Hackers are not the ones that collected the information from people. So how can we secure the information? We need to ask ourselves - what information do we need to collect in order to do business? Companies are collecting information with immunity. If you are collecting that information - you need to be responsible for what you do with it.
  • Mobile software for tracking stolen devices and camera recovery, there’s always a trace
  • Passive Reconnaissance – it’s amazing how much information you can gather through this without touching the network. Can scan network for vulnerabilities without touching it. Just through DNS records, could map Infrastructure, IP ranges, harvest information through LinkedIn. From there, he could identify the technologies he would run into when inside the network.
  • Hackers involved in the Target breach – they did their homework, they could identify who their business partners were and send phishing emails
  • How can one map the network without touching it, inside the firewall?
  1. Identify the IP ranges they are dealing with
  2. Through DNS records - identify 3rd party vendors - HR Services, subdomains for special one off projects, marketing projects, Salesforce etc.
  3. Trusted business partners and vendors
  • Maltego - tool for open source intelligence gathering and threat intelligence integrations
  • Recommendations for a security beginner trying to understand an external view of their organization
  • Offensive security and penetration testing tools and training resources, videos and tools for open source intelligence gathering
  • Key points: awareness and security training in general
  • In security, we like to learn, that’s why we’re good at what we do and I think everyone in the business needs to take that on. Ignorance is no longer an excuse especially on the business side
  • We’re seeing a lot more boards care about security, investors and startups caring about security
  • Boards asking about cyber liability insurance
  • With cyber liability insurance there isn’t a lot of data, so much of it is guessing, and as a result a lot of exclusions get written into these policies, especially now with the breaches
  • With the recent breaches we’ve seen, between Target and Sony, they’re seeing that the cost of a data breach is higher than originally thought when you start to think about lawsuits and identify theft insurance. Insurance companies are starting to put a cap on how much they’re liable for.
  • Need to secure your infrastructure before you get your cyber liability insurance
  • Marrying real security rules - configuration of compliance and real security.
  • Data Analytics - Security Analytics is key. Being able to correlate the data is the challenge to identify the real threat to the environment.
    • Starting to see more correlation between vendors, more open source for threat intelligence
  • Vendors bringing in data scientists with the data they collect and making it easier on the clients to identify anomalies and the signal to noise ratio
  • How does Ken see the space maturing to a point that is meaningful to a small or medium business? Tools such as OpenDNS take complexity away from the business while still letting it leverage big data and threat intelligence. Larger businesses will have to have their own teams, and must make sure they identify what's happening in their own network.
  • STIX/TAXII integration – more and more vendors will start to use this and businesses need to ask their vendors if they are compliant with STIX and TAXII
  • A lot of industry clout with Soltra and FS-ISAC. Mitigate threats and share information. 46:36
  • The devil's in the data. Being able to make sense of the data. Harvest the data. There is data there telling you a story, just a matter of you finding it. Harvest the data.


All methods of how to access the show are below:

Leave a podcast review here

How do I leave a review?

Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT Business Leader. Follow Bill on LinkedIn and Twitter.

Dec 16, 2015

This episode is sponsored by the CIO Scoreboard

I have never been particularly impressed with people who achieve meteoric results in business if other areas of their lives are going in exactly the opposite direction or are stagnant. What good is it to satisfy shareholders if your kids see you rarely, or they see you but you are not present with them? Or you achieve business goals but skip exercise through your thirties because you feel that you can’t afford to take the time.

Since my twenties, my bigger fascination has been to find models of success that incorporate all areas of life (business, family, relationships, health and spirituality) as a vision of success. My interest has been to find and learn from well-rounded people who have a mission and focus on positive impact in all major areas of life. They are far more interesting and usually get great business results as well.

Notably, one of the patterns of highly self-actualized people that I have observed is that they have some combination of experts, trainers, coaches, thought leaders, mastermind groups, etc. around them to help them reach the highest levels of performance and to ‘be’ the best expressions of themselves in multiple areas of life.

Some Fortune 500 companies invest in Executive Coaches for top level executives in order to make sure that their investments in critical leaders and the teams and assets they lead are optimized for performance. There is quite a lot riding on peak performance. The better a corporate leader performs, the better the company does. It is quite simple. Leaders need coaches just like athletes.

I asked myself - what do top Executive Coaches do with their clients to achieve great results? I wanted to know so I asked Gail.

Gail is super impressive. She has been working with top leaders of American businesses now for the better part of 25+ years in the areas of Executive Leadership Development, Lifestyle Management, Wellness, Succession Planning, and Strategic Business Planning. She is one of the best at optimizing business executives in all areas of life.

Her level of professionalism and insight is off the chart. I stumbled into her while reading her gem of a book All Together Now: Vision, Leadership, and Wellness and as a result reached out to her since I couldn’t stop taking notes as I read it. She approaches business and personal performance as one and the same and believes they are intricately linked.

I am on a mission to get you to operate at the highest levels you can in all areas of life. In this episode we discuss:

  1. The force multiplying power of integrating vision, leadership and wellness at a corporate and personal level.
  2. The importance of high degrees of executive self-awareness so you can be observant of how your behavior impacts others.
  3. The impact of clarity and vision within an executive’s company and family.
  4. We explore asking yourself the question “Why?” and how doing so develops clarity around a vision.
  5. Why the biggest hurdle for IT Leaders is Emotional Intelligence (EQ).
  6. Why being proactive with our own health is imperative and what to ask yourself in order to prepare for a doctor visit.
  7. The importance of meditation, mindfulness and forgiveness and how learning these skills can help access reserves of resilience.

Gail Voisin is the CEO of her coaching and consulting practice in Toronto, Canada. She is an international Executive Coach and trusted advisor to corporate executives in North America and globally. She is the author of the book The All Together Now Advantage™, which has been a proven success. With her unique background and combination of skills, she integrates and links Vision, Leadership and Wellness to strategic plans and organizational objectives to measure Return On Investment (ROI).

How to get in touch with Gail:

Website

LinkedIn

All Together Now: Vision, Leadership, and Wellness

Summarized Show Notes:

  • The genesis of Gail bringing health and wellness into corporate strategies and key breakthroughs. When working for a Fortune 1000 - go across to hire different staff. Staff were working long hours and had no place to exercise and at the same time women in the test kitchen were taste testing and gaining weight giving way to Gail being a pioneer, or suffragette and convinced president to allow them to study fitness. At the time many executives were skeptical and said “what does fitness have to do with productivity”. Healthier employees - improvement in productivity and processes. Wellness and health are critical aspects of success.
  • Gail has worked with executives in top companies in North America. What is a business executive coach? A coach coaches in areas in vision, leadership and wellness and integrate these into their business plans. To maximize performance whilst achieving a balance of wellness in their lives. Why so successful? She’s developed an integrated solution with a compelling brand. Value added coach that works. About the profound power of integrating vision, leadership and wellness. The integration piece is powerful.
  • The new global world has many challenges for CEOs and requires a unique set of skills. They are accomplishing more but expending less energy. To be highly successful they need a high level of self-awareness and to understand how their behavior impacts others.
  • Details regarding coaching: what does this structure look like? Mechanics of coaching relationship at highest level. Has to be a chemistry and initial meetings have to be face to face.
  • Is it high degrees of motivation that people approach coaching or companies mandating it?
  • IT leaders in the world face unique challenges. Why is connecting with personal vision so important? Vision needs to be so clear and laser focused that your passion is ignited. Values are the foundation for the vision.
  • The more you explore the WHY - helps develop clarity around personal vision. Purpose for living - ignites passion. Personal vision has to be in line with corporate vision.
  • Leadership programs linked to neuroscience, that’s where the future is going.
  • Bringing the whole individual to bear on their life and not segmenting.
  • There are six key leadership competencies:
  1. strategic thinking,
  2. communication,
  3. emotional intelligence,
  4. negotiation and conflict management,
  5. managing energy and time,
  6. mastering lifestyle management and overall wellness.
  • Biggest hurdle for IT executives is communication skills and Emotional Intelligence (EQ). Most IT executives are extremely bright with good intentions, but their natural inherent skills are more on the technical and IT side of the business and not enough on the communication and emotional intelligence side. In other words, the IT skills come more naturally to them than to others, yet the softer interpersonal skills and communication seem to be more of a challenge. Similar to engineers.
  • IT executives have so much to significantly contribute to the organization, so when these competencies can be enhanced, it takes the organization to a whole new level.
  • When an executive can utilize their logical and analytical business sense alongside a highly developed EQ, they are much more likely to achieve extraordinary success. If an executive's EQ is low, it is a distinct disadvantage. Can't improve IQ but you can improve EQ. 26:35
  • Results are not only life changing to executives, but to the families around the individual.
  • Demonstrating the link, the EQ has a direct impact on work, but also the spouse and children.
  • How do we fully qualify, and how to approach health in general for an executive. Need to be an advocate for our own health. Your health is your wealth. The healthier the more productive you can be. Be connected in your community, to network and find out.
  • Concept and power of Mindfulness - Meditation and Forgiveness. Forgiveness first - as an IT executive you can be blamed for things that go wrong. If things go well it is silent, and if not, then everyone hears about it.
  • Forgiveness, just like meditation is becoming more and more important for people to understand.
  • It is important to not be so hard on ourselves. "Big part of forgiveness is key to our health". Dr Bernard Jensen "Forgive others who offended, and say I'm going to love you whether you like it or not." William Dyer: "Who am I to judge you or anyone? Given the conditions of your life, you did what you knew how to do. You can’t ask anymore of anyone. "
  • Meditation and Mindfulness: Mindfulness - Jon Kabat-Zinn, PhD - MBSR - mindfulness-based stress reduction. Meditation is the practice and process of paying attention and focussing on your awareness. Over the past 20 years slow shift happening and meditation is becoming more popular. In the past, executives became used to meditation to overcome a crisis. Change the perception of meditation in the corporate world. Different types for different executives - depending on their needs. Mindfulness is being present in the moment. Can be very helpful to connect to what happens.
  • Practical mindfulness can be practiced in everyday life. Practice mindfulness while you wait, whether waiting in a line or stuck in traffic. Mindfulness and Meditation can help IT executives access the reserve of resilience.
  • It’s not a competition, it’s a journey. Mind triggered into flight or fight response. If we can’t establish dominion over the world, then it will affect our health.


Dec 2, 2015

This episode is sponsored by the CIO Scoreboard

In this episode I interviewed Tyler Cohen Wood, who has an impressive amount of experience in cyber security and digital forensics, in addition to helping the White House, the Department of Defense, the Intelligence Community, Federal Law enforcement and even NASA.

In our discussion on security, we talk about the different protections available on Social media and the different types of cookies and how to ensure that you are protecting yourself and your family to the maximum. Read further for more information as we discuss the following important points:

  • The best protection is knowledge of how things work
  • Super cookies, zombie cookies, flash cookies
  • The importance of turning off Exif data on photos that will be uploaded to social media sites
  • Downloading Apps - Understanding what you are doing and what you are potentially giving away to companies
  • How do others perceive you online? How to research yourself online and see how others perceive you
  • Be aware of your individual personal “brand”
  • Executive Travel - posting your travel plans and location of working from home or working from a coffee shop
  • How to understand online deception and vet people.
  • How to become a human lie detector with statement analysis
  • Teach your kids how to use a checklist to keep themselves safe online

As a business leader who wants to be fluent on the impact of current privacy and security challenges, you will find Tyler’s message educational on both the personal, work, and family areas of your life.

Tyler Cohen Wood is an expert in social media and cyber issues. She was a senior officer, Senior Leader and Cyber Branch Chief for the Defense Intelligence Agency (DIA) within the Department of Defense (DoD), where she made decisions and recommendations that significantly changed, interpreted, and developed important cyber policies and programs affecting current and future DoD and Intelligence Community policies. She previously worked for the Department of Defense Cyber Crime Center as a senior digital forensic analyst, using her expertise in intrusion, malware analysis, and major crimes to bring about many successful prosecutions. Before joining the DoD Cyber Crime Center, she was employed at IBM and NASA as a senior forensic analyst.

She wrote the book Catching the Catfishers, where she explores the digital footprints that we all leave behind, whether we realize it or not. The book sheds light on a comprehensive set of online security components and teaches readers how to best protect their personal information from being put out and circulated on the web.  She co-authored the textbook Alternate Data Storage Forensics and was featured in Best Damn Cybercrime and Digital Forensics Book Period.

How to contact Tyler:

Website

LinkedIn

Twitter

Facebook

YouTube

Vimeo

Books:

Catching The Catfishers: Disarm the Online Pretenders, Predators and Perpetrators Who Are Out To Ruin Your Life

Alternate Data Storage Forensics

Resources Mentioned:

Spokeo

EU regulations

Rogue Base stations

Stingray

Statement Analysis

Exif Data

Cyber Dust

Summarized Show Notes:

  • “The best protection is knowledge of how things work”. You don’t have to become a coder, but think outside the box and how things can be a threat to you, your family and corporation.
  • Understanding the impact of a company like Spokeo. Thoughts on personal privacy – do we have any anymore? Even if you never go on Social media or don’t use a smart phone. But there are other people posting things about you. You have a digital presence. When you read the Terms of service on apps, they will tell you what they are collecting and how they are collecting.
  • We should try to secure companies with data like Spokeo. The book is about what we can do individually to take control. EU regulations - will be interesting to see what happens to see how companies can work around data.
  • Photos - takeaways regarding privacy settings on this. Exif data. Pinpoints the exact geographic location from where the photo was taken. When you are dealing with a predator after your child, you don’t want too much information being taken from your child. Bad guys - are really good at what they do. But you can turn it off.
  • Knowledge is empowerment. Understanding what you are doing and what you are potentially giving away to companies. Decisions can be made on what you want to do to use it.
  • Cookies - obscuring identity through proxy systems. Super Cookies, Zombie Cookies and Flash Cookies. Cookies have a format - you can delete cookies. Usually used to auto-login to a site. But now - different companies are getting smarter and using zombie cookies that are harder to remove. To find out more about you to sell you stuff. Things you can do if you want to protect yourself. Don’t use applications as much, try to use the websites. Sometimes the cookies are polymorphic.
  • Insurance companies and health companies are building profiles on us with automated tools. Powerful tools are building up a story about us online. Sometimes people are more realistic about who they are on social media, sometimes not. The IRS is utilizing this technology. This is stuff we have chosen to put out. When you look at your posts from the perspective of an HR person trying to find out about you, you might find out a lot about who you are. Even if you never post things but like a certain person’s posts, that will tell a lot about who we are as people.
  • How do we assert some sovereignty over our life? What would an observer see about ourselves? You want to research yourself online. Sometimes privacy settings change. Do you want employers seeing this and a bunch of strangers seeing this? It’s a perception. Perceptions become reality.
  • Think about it as your brand. When you post about your children and how your children are doing. Privacy settings can and will change. If you are posting things which you think is private. Someday that information might be available to college boards or recruiters. Set up a private group if you want to talk to a private group.
  • As an executive, it’s very easy to find your address. Very easy to set up things like man in the middle attacks targeting that particular person. Rogue Base Station, Stingray, IMSI catcher. Those people can push updates through malware that give them control of your device. A base station you put in that your phone will connect to as the strongest signal, which may be in a coffee shop. You will go through the rogue base station instead of the actual provider signal. People learning your pattern of life.
  • Catching the Catfisher - what does it mean? What is purpose of the book? Teach people how to understand Wild West domain and empower themselves in ways that are easy to understand. To read deception in the online domain. Understand if those you are talking to are really who they say they are.
  • Value in the book from purely understanding deception and becoming a human lie detector. Statement analysis. Deception techniques are important.
  • Having a checklist is a way to engage your kids in the security instead of them feeling attacked
  • Browsers can take control – Tyler personally uses Chrome. Added security features. Depends on what you want to use.
  • Instant messaging - cyber dust. IMs. Context of messaging versus transport of messaging. Cyber dust - it disappears. If traversing through a network and network is keeping those packets it can always be re-constituted. There are low tech solutions to high tech issues. Someone can take a photograph of what you sent and send that around.
  • As society we have to be aware of what we are putting out there because we don’t know where we’ll be 5-10 years from now.
  • If there’s something that you want to do, don’t let anybody tell you that you can’t. If there’s something you want to do and you know it’s right, go for it, because you can do it.
