On this episode, we dive headfirst into the Open Web Application Security Project (OWASP) Threat and Safeguard Matrix [TaSM].
I’m speaking with the current CISO at Caterpillar Financial, Ross Young, about the OWASP “Tasmanian Devil” Threat and Safeguard Matrix [TaSM] that he created. Ross has worn many hats during his career, spending 10+ years in the CIA, holding security roles at The Federal Reserve and NSA, and stepping into the role of being a Divisional CISO at Capital One.
Listen as Ross and I discuss the OWASP TaSM (like the Tasmanian Devil) and how it can be of great importance to CIOs and CISOs who are looking to focus on the biggest threats and risks to their company. Learn how integrating TaSM into your defense plan can help your organization quickly respond to malware and ransomware and deploy a Business Continuity Plan (BCP) and Disaster Recovery (DR) test to restore your backups and gain resiliency from cyber threats in the future.
Featuring:
Ross Young, CISO at Caterpillar Financial
Resources:
Learn more about the guest: https://www.linkedin.com/in/mrrossyoung/
Connect with Bill on LinkedIn: https://www.linkedin.com/in/billmurphynll/
It was great having Shannon talk with our CIO and Lieutenant community. She is the top person for managing the product development of the Cloud App Security line with SonicWall
From a security strategy perspective, the importance of a platform for security threat management, blocking, detection and response, as it relates to SaaS apps and your data, has never been more important. This can't be understated as more and more of your business applications are moved to the cloud and Securing Office 365, OneDrive, G Suite, Box, Dropbox, and other SaaS apps take on a higher and higher priority.
I was eager to talk with Shannon and I was lucky to catch up with her after our Cloud and Email Kill Chain Defense Innovation lunch event. Here are some of the key questions we discussed:
For CIOs, I believe that choosing the correct security platform vendor has never been more important!
Shannon Emmons is a Senior Product Manager at SonicWall, the global, network security leader delivering automated real-time breach detection and prevention that keeps small and medium-sized businesses, enterprises and governments safe from cyber threats.
Shannon focuses on protecting SaaS email with data compiled from more than one million sensors around the globe to defend against today’s most sophisticated cyber threats. She is a customer focused, product leader who previously spent 14 years at McAfee where she concentrated on cyber threat visibility and remediation through management platforms. Emmons is a 16-year cybersecurity veteran, and 13-year CISSP.
Earlier this year, I interviewed Shannon’s colleague, Dmitriy Ayrapetov, Executive Director of Product Management at SonicWall. In this episode, we discuss cutting-edge strategies with security: sandboxing, block until verdict, remediation and roll back.
You can listen to my podcast with Dmitriy here.
This episode is sponsored by the CIO Innovation Insider Forum, dedicated to Business Digital Leaders who want to be a part of 20% of the planet and help their businesses win with innovation and transformation.
I hope you enjoyed this program and my interview with Shannon Emmons.
You can go to the show notes to get more information about Shannon and what we discussed in this episode. You’ll find the show notes at redzonetech.net/podcasts.
Until next time. I’m signing off. Thank you and have a great day!
If you are interested in learning more about RedZone and our security expertise in particular related to Cloud and Email Security Kill Chain Strategy, Techniques and Tactics you can email cloudkill@redzonetech.net.
Credits:
* Outro music provided by Ben’s Sound
Other Ways To Listen to the Podcast
iTunes | Libsyn | Soundcloud | RSS | LinkedIn
Leave a Review
If you enjoyed this episode, then please consider leaving an iTunes review here
Click here for instructions on how to leave an iTunes review if you’re doing this for the first time.
About Bill Murphy
Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.
If you enjoy listening to my podcast, please take a minute to leave a review here!
As many of you know, I like to choose podcast topics that are at the forefront in the minds of my audience. I also like to interview leaders who inspire me. When I was looking for a new podcast guest for my show, I asked my CTO at RedZone, James Crifasi, if there was someone he knew in security that he really respected – that stood out for him as a leader in the industry.
James recommended Dmitriy Ayrapetov, Executive Director of Product Management at SonicWall. Since RedZone has been a SonicWall partner for many years, I knew Dmitriy, and I knew that he represented most of the network security products that we work with. Luckily, he agreed to come on the show.
My conversation with Dmitriy ranges from philosophical to tactical and technical especially with his positions on Machine Learning and AI with security. We discuss a variety of topics including, who are his mentors and what does a product manager do at a high-profile security company like SonicWall?
One interesting discussion centered around the thought that, “Humans will always make mistakes – human mistakes are one of the main issues with security. Knowing that we will never fix 100% of the problems of security today, and that we have a massive likelihood of a security breach happening,” – I asked Dmitriy “How can you approach this problem?”
Are your security vendors as concerned about business continuity as you are?
I think you will really appreciate Dmitriy’s philosophy for CIOs and CISOs – in particular, his thoughts on human mistakes. He believes that since human mistakes can’t be prevented, that you must realize the need for continuity of the business and be prepared for them.
With this, I want to welcome you to my interview with Dmitriy Ayrapetov.
In this podcast we discuss cutting edge strategies with security: sandboxing, block until verdict, remediation and roll back.
o Find people’s problems and bring these engineered solutions to market
Dmitriy Ayrapetov has been with SonicWall for over 13 years. He is currently the Executive Director of Product Management at SonicWall, in charge of product security. Prior to this position, Dmitriy held product management and engineering roles at SonicWall and at enKoo Inc., an SSL VPN startup acquired by SonicWall in 2005.
As a cybersecurity expert, he speaks at industry conferences including, RSA, Gartner Security Summit, Dell World and is a regular presence at SonicWall’s annual partner conference Peak Performance. Dmitriy holds an MBA from the Haas School of Business at U.C. Berkeley and a BA in Cognitive Science at UC Berkeley.
You can see all the SonicWall products Dmitriy has had his hand on since the beginning.
• Network Security
• Firewalls
• FTDMI – Automation and Security
• SonicWall ips Series
• Client Capture – rollback
• Email Security
Link to Dmitriy’s SonicWall blog page: https://blog.sonicwall.com/authors/dmitriy-ayrapetov/
• Blog, pub. 9/12/2018: Botnets Targeting Obsolete Software
• Blog, pub. 2/13/2017: Practical Defense for Cyber Attacks + Lessons from 2017 SonicWall Annual Threat Report
Other SonicWall blog pages that cover suggested topics of discussion listed above:
• Sonic Wall Threat Intelligence blog page: https://blog.sonicwall.com/categories/threat-intelligence/
• Annual and mid-year cyber threat reports: https://brandfolder.com/s/pix4u8-fllsa0-f5587c
Other presentations and videos by Dmitriy Ayrapetov:
There are two people that Dmitriy mentioned as thought leaders in the field: one of them is well known, Bruce Schneier, an internationally renowned security technologist; while the other is less known, Dan Geer, CISO at In-Q-Tel. Bruce provides a lot of industry as well as practical advice on his website: https://www.schneier.com/. Dan’s keynote at Black Hat 2014 was, in my opinion, direction setting. It was one of the highest signal to noise ratio keynotes that I’ve ever heard and I still come back to it from time to time. It’s very dense, and is based on an essay that he authored.
The book that Dmitriy mentioned early in the podcast is Hacking Exposed –they’re on the 7th edition now. I’m not “recommending” the book, I just referenced it as something that piqued my curiosity in security early on.
This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes.
Credits:
* Outro music provided by Ben’s Sound
Other Ways To Listen to the Podcast
iTunes | Libsyn | Soundcloud | RSS | LinkedIn
Leave a Review
If you enjoyed this episode, then please consider leaving an iTunes review here.
Click here for instructions on how to leave an iTunes review if you’re doing this for the first time.
About Bill Murphy
Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.
In this episode, I interview Rahul Kashyap, Chief Security Architect and Head of Security Research at Bromium, a company that focuses on stopping cyber-attacks where users are most vulnerable—the endpoint—through virtualization isolation. One of Silicon Valley’s 40 Under 40, Rahul has built a career around developing cyber defense technologies that focus on exploit prevention. At Bromium, Rahul manages R&D and product security, while simultaneously conducting robust industry outreach, speaking at leading security conferences including BlackHat, BlueHat, Hack-In-The-Box, RSA, DerbyCon, BSides, ISSA International, OWASP, InfoSec UK and others.
Sponsored By:
Time Stamped Show Notes:
4 Key Points:
Key Resources:
Credits:
Show Notes provided by Mallard Creatives
In this podcast episode I interview Bill Brenner, who is an expert at digesting threat intelligence information and making this information available to a wide pool of people from C-Suite Executives to coders and developers. Bill is a Senior Technical writer for Akamai and has been a writer for CSO Online, and Liquid Matrix Security Digest. Additionally, he created and writes in a blog called the OCD Diaries where he discusses mental health issues with IT Executives and staff within the technology industry.
Top 3 items for an IT Security Decision Maker to be concerned about moving forward:
You will also learn some of the best sources for IT Security threat information:
Securosis
Blogs and Podcasts:
Vulnerability Information Sources:
Humanity in Security - Mental Health
The importance of good mental health in the IT Security profession as it relates to depression, anxiety, coping with stress, OCD, Asperger’s, Autism.
The OCD Diaries – An opportunity to destigmatize mental illness and to give people in our industry a life raft and share tools that can help them. Taking your mental disorders and turning them into super powers!
Additional Show Notes
How to reach Bill Brenner:
LinkedIn
Facebook
Twitter
Akamai Blog
The OCD Diaries
Former Publications:
Liquid Matrix Security Digest
CSO Online
What is Your Plan for: Super-Vulnerabilities| Brand Take-down| & Incident Response| Humanity in Security - RedZone
All methods of how to access the show are below:
This episode is sponsored by the CIO Scoreboard, reducing the complexity of your IT Security initiatives. Sign up for a demo here.
Leave a podcast review here
Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT Business Leader. Follow Bill on LinkedIn and Twitter. Subscribe here for weekly podcast, CIO Mastermind and CISO Mastermind updates delivered to your inbox easily and effortlessly.
If you have questions about Microsoft Azure Security you will love this interview with David Cross.
David Cross is the General Manager in charge of Security with Microsoft Azure. He has been the primary inventor of over 25 security patents and is the author of numerous publications and white papers. Prior to Microsoft, he served 5 years with the aviation electronic warfare community with the US Navy. He has a BS in CIS and a MBA.
One of the really fun parts of this interview is actually learning about his invention process as I was very curious about it since he has so many patents!
Ron is an expert in what it takes to develop the next generation of cyber security leaders.
• He is the Air Force Association US CyberPatriot 2013-2014 Mentor of the Year for his work with high school cybersecurity competitions.
• Ron Woerner is the Director of Cybersecurity Studies at Bellevue University. He has over 25 years of corporate and military experience in IT and Security
Resources for Cyber Security Team Competitions
1) Cyber Patriot Youth cyber security team competitions and explanations of the various levels of competition
2) ISC2/MITRE Cyber Challenge Academy Competitions – Capture the Flag
3) National Collegiate Cyber Defense Competition (CCDC)
4) Dr Dan Manson Cal State Pomona who created a single site to coordinate all cyber security competitions into one site called Cyber Security Federation - Single Site for information - Creating a sport out of cyber security competitions
Uris is a leader in the world of research as it relates to IoT Security. This interview is a great learning tool to educate business leaders and your peers about where IoT is going and what it means to you and your business.
Hacking-Back vs Attribution| APT Attack vs Targeted Attacks| Mobility and Virtualization| Leadership and Team Innovation| Ethics and the Selling of Vulnerabilities| The Best Zero Day definition Ever| Options of How to Avoid Poisoning Your Phone| Geo fencing| The One Question that you need to ask to Prevent Losing Your Job after a Breach Incident| Who has the Worse Cyber Criminals China or Russia?| Pinball Machines and Teaching Kids How Things Work Versus Consuming Things
Kayvan is an authentication expert. He gives a fascinating review of the old and future related to User Authentication Trends and Methods for Native Mobile Applications. Do you want to know pros and cons with various authentication methods of the future like IRIS, Selfie Based Authentication, Voice, Finger print, Face Recognition, Gesture and other Trends in Mobile Security ?
In the following interview Hadi and I discuss Big Data Security Topics like the Mosaic Effect, Mobile Security, The Demise of Passwords, IoT TOCTOU Attacks, Driverless Cars, Atomic Views of IoT, Orchestration Layers Limitations with Big Data Security, and what he describes as ‘Loose Membranes’ with IoT security
Alex Hutton major bank CISO, thought leader, influencer, presenter, award winning speaker, as he discusses with me inspiration he gets from the best sushi in the world and a having a vision of craftsmanship in his profession.
I have written about Craftmanship in the past and after talking with CISO Alex Hutton this was emphasized even more. Jiro Ono owns the most famous Sushi restaurant in the world. Similar to Jiro’s you can approach your profession as a master would.
The importance of IT Ops and Security being run as a craft is important because most CIOs and CISOs feel that their biggest value unfortunately is when there is a problem (data breach, failure of a system, etc)
Alex Hutton has served as CEO for Risk Management Insight. He served as a principal in the Risk Intelligence group for Verizon, involved in the development of the VDBIR. He is an avid security blogger, speaker and conference organizer. He brings a wealth of knowledge and experience on risk management and metrics to any discussion. He is a passionate and experienced public speaker
Jack Jones is widely considered a thought leader in risk management and information security, Jack has been employed in technology for the past thirty years; specializing in information security and risk management for twenty-four of those years. During this time he has garnered a decade of experience as a CISO, including five years for a Fortune 100 financial services company. His work has also been recognized by his peers and the industry, earning him the 2006 ISSA Excellence in the Field of Security Practices award, and the 2012 CSO Compass Award for Leadership in Risk Management.
Jack is the originator of the now industry standard risk management framework known as Factor Analysis of Information Risk (FAIR). FAIR has seen adoption globally, within organizations of all sizes, and is now regularly included in graduate-level university courses on information security and referenced by other industry standards. He also recently co-authored a book on FAIR entitled "Measuring and Managing Information Risk - A FAIR Approach".
You are really going to enjoy my interview with Mark Robnett, CIO Justice Federal Credit Union. Mark is a rising star in the Credit Union industry and I asked him to detail for you in this episode how he put together his presentation to his board regarding his IT security strategy and tactics. I have found that Justice FCU is about 1-2 years ahead of Credit Unions of its size. I would put them on par with firms many times their size. Mark also has the added pressure of having a very smart and technically savvy board. There is no hiding behind jargon and complexity with them because the board is comprised of individuals with backgrounds in FBI and Justice Department. What a challenge!
A great podcast with Kelly Dempsey of NIST covering Printers, Printer Security, Risks embedded windows 2000, embedded xp. printer service contracts, network takedown risk, DDOS, patching risk, monitoring risk, printer capability, overwriting, encryption, segmentation, non-volatile storage, port management, non-volatile storage confidentiality, risk management, printer lease agreement
In this episode I talk with John Milano, SR VP of RCMD. I ask him questions on his cyber security insurance business and what an IT Leader needs to be asking from their insurance carrier. We cover every conceivable topic and situation. In addition he has suggested questions that all CIOs and IT and business leaders need to be asking. We discuss limits of coverage and how to buy the best appropriate policy for your business.
The topics covered include: Security & Privacy Liability, Media Content, Regulatory Acts Coverage, Breach Response Fund, Legal & Forensic Expenses, Cyber Extortion, DDOS and Business Interruption, Business Interruption, Crisis Fund then listen below.