Bill Murphy's RedZone Podcast | World Class IT Security

World Class IT Security – Strategic and Tactical Thought Leadership, Advanced Topics for Top IT Leaders: Innovation, Ideas, Creativity, Neuroscience of Optimal Performance – Fearlessness Living Principles.
Oct 22, 2016

There was literally too much ground to cover with Peter Singer. This was one of those interviews where you just have to let him run because he has so much to say. His knowledge and experience are too wide to cover in a short hour, but here are some key takeaways that you will learn when you listen.

Major Take-Aways From This Episode:

He is not a doomsday figure, but one who seeks to find alternatives, explain, and develop context for the changes that are impacting our lives.

He was on a research project that asked 60 people to name the 5 trends that are of the same magnitude as the release of the computer in 1980:

  1. Hardware – Robots, autonomous vehicles
  2. Software – IoT, Big Data, AI
  3. Waveware – Energy sources, solar, lasers
  4. Hardware – Additive printing and manufacturing, 3D, bits to atoms
  5. Wetware – Human performance enhancing technology

Bioscience is delivering technological breakthroughs faster than Moore's law does on the computer side. These breakthroughs are coming in endurance, cognition and concentration, and will impact everything from classrooms to high-performance executive functioning.

The biological metaphor for security is huge. I have been using it for a while to compare tech security to how nature secures herself from threats. What can we learn from nature in order to defend our systems?

  • Nature has designed resilient systems;
  • Nature has natural defenses all working in unison;
  • Public and private sector interaction;
  • No one action can do it all;
  • Attitude of the British: “Keep Calm and Carry On”

I have linked up all the show notes on redzonetech.net/podcast where you can get access to Peter Singer’s books and publications.

About Peter W. Singer:

Peter Warren Singer is a Strategist and Senior Fellow at the New America Foundation, the author of multiple award-winning books, and a contributing editor at Popular Science. He has been named by the Smithsonian Institution-National Portrait Gallery as one of the 100 "leading innovators in the nation," by Defense News as one of the 100 most influential people in defense issues, by Onalytica social media data analysis as one of the ten most influential voices in the world on cybersecurity, and by Foreign Policy to their Top 100 Global Thinkers List, of the people whose ideas most influenced the world that year.

Described in the Wall Street Journal as "the premier futurist in the national-security environment," Dr. Singer is considered one of the world's leading experts on changes in 21st century warfare. He has consulted for the US Military, Defense Intelligence Agency, and FBI, as well as advised a range of entertainment programs, including for Warner Brothers, Dreamworks, Universal, HBO, Discovery, History Channel, and the video game series Call of Duty, the best-selling entertainment project in history. He served as coordinator of the Obama-08 campaign's defense policy task force and was named by the President to the US Military's Transformation Advisory Group. He has provided commentary on security issues for nearly every major TV and radio outlet, including ABC, Al Jazeera, BBC, CBS, CNN, FOX, NPR, and the NBC Today Show. In addition to his work on conflict issues, Singer is a member of the State Department's Advisory Committee on International Communications and Information Policy. In the entertainment sector, he has received awards/support from the Tribeca Film Institute, Sloan Filmmakers Fund, Film Independent, and FAST Track at the L.A. Film Festival.


This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes.

Credits:
* Outro music provided by Ben’s Sound

Other Ways To Listen to the Podcast
iTunes | Libsyn | Soundcloud | RSS | LinkedIn

Leave a Review
If you enjoyed this episode, then please consider leaving an iTunes review here

Click here for instructions on how to leave an iTunes review if you're doing this for the first time.

About Bill Murphy
Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.

Sep 27, 2016


Massimo Pigliucci has a Doctorate in Genetics from the University of Ferrara (Italy), a PhD in Evolutionary Biology from the University of Connecticut, and a PhD in Philosophy from the University of Tennessee.

He has done post-doctoral research in evolutionary ecology at Brown University and is currently the K.D. Irani Professor of Philosophy at the City College of New York.

His research interests include the philosophy of biology, the relationship between science and philosophy, the nature of pseudoscience, and the practical philosophy of Stoicism. Prof. Pigliucci has been elected a fellow of the American Association for the Advancement of Science.

In the area of public outreach, Prof. Pigliucci has published in national outlets such as the New York Times, Philosophy Now and The Philosopher's Magazine, among others. I have linked in the show notes to a great article he wrote recently in the New York Times.

Pigliucci publishes two blogs: Plato's Footnote (platofootnote.org), on general philosophy, and How to Be a Stoic (howtobeastoic.org), on his personal exploration of Stoicism as practical philosophy.

At last count, Prof. Pigliucci has published 146 technical papers in science and philosophy. He is also the author or editor of 10 technical and public outreach books, most recently Answers for Aristotle: How Science and Philosophy Can Lead Us to a More Meaningful Life (Basic Books) and Philosophy of Pseudoscience: Reconsidering the Demarcation Problem (University of Chicago Press), co-edited with Maarten Boudry. Other books include Nonsense on Stilts: How to Tell Science from Bunk (University of Chicago Press).


We explored quite a few topics: ethics and AI, types of ethical philosophies, the difficulty of programming ethics, and Stoicism.

I also asked him how to pose great questions to stir great conversation at the table with my kids...

There are a bunch of resources that we discussed. Check them out on redzonetech.net.

Major Take-Aways From This Episode:
1) The 3 major types of ethical philosophies.
2) Ancient virtue ethics and Philippa Foot. The answer is always "well, it depends: what would a good person do?" Human judgment and nuance are needed.
3) Modern Kantian deontological ethics (started by Immanuel Kant): rule-based ethics.
4) Modern utilitarian ethics (John Stuart Mill): ethics is whatever increases the happiness of the largest number of people.
5) Why there is no such thing as intuition, and how understanding intuition and science can make you aware of how to make yourself better as a person and leader.
6) 3 steps to augmenting intuition using Stoicism.
7) AI vs. smart intelligence vs. consciousness:
a. The trolley dilemma;
b. The throw-man-off-bridge dilemma;
c. Autonomous cars (programming a car to avoid a human being).
8) The different types of philosophy.
9) Kids and philosophy: resources to get your kids into good dinner table debates.
10) The Stoic distinction between preferences and desires, with examples.
11) Skill acquisition and developing expertise using Stoic philosophy.
12) Types of philosophy of science (mathematics, logic, Stoic). The role of logic.
13) Why Stoicism is gaining popularity.
14) Stoicism for kids.

Ways to connect with Massimo Pigliucci:

Website: teachings, event and news updates

Podcast: Rationally Speaking (archives)


Sep 23, 2016

Daniel Burrus has over 800k followers on LinkedIn. Out of 300 million LinkedIn profiles, he is in the top 35. This is stunning, but wait, because once I go through his bio you will understand why.

He is considered one of the World's Leading Futurists on Global Trends and Innovation. The New York Times has referred to him as one of the top three business gurus in the highest demand as a speaker.

He is a strategic advisor to executives from Fortune 500 companies, helping them to develop game-changing strategies based on his proven methodologies for capitalizing on technology innovations and their future impact. He is the author of six books, including the New York Times and Wall Street Journal best seller Flash Foresight as well as the highly acclaimed Technotrends.

Daniel Burrus' accurate predictions date back to the early 1980s (over 35 years ago), when he became the first and only technology futurist to accurately identify the twenty technologies that would become the driving forces of business and economic change for decades to come. Since then he has established a worldwide reputation for his exceptional record of predicting the future of technology-driven change and its direct impact on the business world.

As a business strategist, he has helped hundreds of clients profit from new opportunities and develop successful competitive business strategies based on the creative application of leading-edge technologies. Daniel is a thought leader and contributing writer on the topics of innovation, change and the future for Harvard Business Review, LinkedIn, Huffington Post, Wired Magazine and Examiner.com, to name a few.

He has founded six businesses, four of which were national leaders in the United States in the first year. He is the CEO of Burrus Research, a research and consulting firm that monitors global advancements in technology driven trends to help clients profit from technological, social and business forces that are converging to create enormous, untapped opportunities.

Major take-aways from this episode are:

  1. Why having an ‘anticipatory’ organization is better than being ‘agile’.
  2. Developing a methodology to anticipate disruption and opportunities.
  3. The critically important difference between a HARD and a SOFT trend in evaluating risk.
  4. Is Bitcoin a hard or soft trend, for example? Is cyber currency a hard or soft trend?
  5. The difference between ‘computing power’ and ‘processing power’ related to Moore’s Law.
  6. What happened to Kodak when they treated digital photography as a soft trend.
  7. Business process trends over the next 5 years [hard trend].
  8. The science of strategic foresight.
  9. How to avoid busying yourself out of business.
  10. How to identify change versus transformation.
  11. Rapid problem solving for CIOs by using the “skip it process”.
  12. The problem is never ‘budget’.
  13. 3 HARD technology trends to pay attention to: technology, demographics (Gen Z), and government regulation (caused by cyber).


I have linked up all the show notes on redzonetech.net/podcast where you can get access to Daniel Burrus’s book and publications.

About Daniel Burrus:

DANIEL BURRUS is considered one of the World's Leading Futurists on Global Trends and Innovation, and is the founder and CEO of Burrus Research, a research and consulting firm that monitors global advancements in technology driven trends to help clients understand how technological, social and business forces are converging to create enormous untapped opportunities. He is the author of six books including New York Times & Wall Street Journal best seller Flash Foresight.

Daniel Burrus is also the creator of The Anticipatory Organization™ Learning System, named a Top 10 Product of 2016. The AO Learning System is a training process for executives and their teams to develop the skills to accurately foresee and take critical actions before disruption strikes.


Sep 2, 2016

Kevin Kelly, I think, may be the smartest person in the world... and I am only half-joking. I have been deeply interested in his work, and his thinking has influenced mine.
His 2010 book What Technology Wants changed my perspective on Information Technology that year; his book Cool Tools is a compendium of the best tools cultivated from his years of research. Among other resources I like are his blog post 1000 True Fans, his latest book, just released this summer, titled The Inevitable, and his podcast interviews on London Real, Tim Ferriss, Lewis Howes, and Chase Jarvis.
I asked him to come onto the show to get into topics that I had not heard him dive into from the perspective that I was curious about... I know you will be too.

Major take-aways from this episode are:

1. If you were the leader of a 1000-person company, what would you ask your 5 direct reports to do?
2. What skills are needed to teach kids to handle this new future in regards to learning and failure?
3. How Kevin Kelly would handle ethics and governance as we program Artificial Intelligence.
4. How humans will become more ethical and moral by training AI.
5. Kevin's AI philosophy is very unique and will help you understand the role of AI working with other AIs.
6. His opinion on the difference between AI, Machine Learning, and Deep Learning.
7. The importance of being a newbie and having the attitude of a lifelong learner.
8. The difference between learning how to learn and finding the way of learning that is unique to you.
9. The skills enterprise leaders need to have in regards to how to fail.
10. The important skill of looking at the edges.
11. "In a world of abundance the only scarcity will be our attention," Herbert Simon.

I have linked up all the show notes on redzonetech.net/podcast where you can get access to Kevin Kelly's books and publications.

About Kevin Kelly:

Kevin Kelly is Senior Maverick at Wired magazine. He co-founded Wired in 1993, and served as its Executive Editor for its first seven years. He is also founding editor and co-publisher of the popular Cool Tools website, which has been reviewing tools daily since 2003. From 1984-1990 Kelly was publisher and editor of the Whole Earth Review, a journal of unorthodox technical news. He co-founded the ongoing Hackers' Conference, and was involved with the launch of the WELL, a pioneering online service started in 1985. His books include the best-selling New Rules for the New Economy, the classic book on decentralized emergent systems, Out of Control, a graphic novel about robots and angels, The Silver Cord, an oversize catalog of the best of Cool Tools, and his summary theory of technology in What Technology Wants (2010). His new book for Viking/Penguin is called The Inevitable.


Aug 26, 2016

Chris Hadnagy specializes in understanding how malicious attackers exploit human communication and trust to obtain access to information and resources through manipulation and deceit. His goal is to secure companies by educating them on the methods used by attackers, identifying vulnerabilities, and mitigating issues through appropriate levels of awareness and security.
Chris is the founder and CEO of Social-Engineer. Chris possesses over 16 years' experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today. What I found fascinating from Chris' bio is that he is a certified Expert Level graduate of Dr. Paul Ekman's Micro Expressions courses, having made the study of non-verbal behaviors one of his specialties.
He established the world's first social engineering penetration testing framework at www.social-engineer.org, providing an invaluable repository of information for security professionals and enthusiasts. That site grew into a dynamic web resource including a podcast and newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering.
A sought-after writer and speaker, Chris has spoken and trained at events such as RSA and Black Hat, and has given various presentations for corporate and government clients. Chris is also the best-selling author of three books. My favorite is Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails, his latest, which I read. You can access all the links to his books, website, etc. at www.redzonetech.net/podcasts.

Major take-aways from this episode are:

  1. Reminder: you can download the transcript of the entire interview at redzonetech.net/podcast.
  2. A classic story of a social engineering hack that Chris did is at the 12 minute mark; it is a great example that will remind you of what you need to do to train employees.
  3. The importance of the brain and amygdala as it relates to IT Security.
  4. The importance of the psychology of security.
  5. The importance of non-verbal facial expression and body language.
  6. How to trigger empathy and compassion in a target, which really shows why this method is so effective.
  7. The role of mirror neurons.
  8. You will understand the brain and how it reacts to fear, emotion, and danger in relation to social engineering hacks.
  9. At 35 minutes, learn what a BEC scam (Business Email Compromise) is and how to avoid it.
  10. The difference between whaling, vishing, and phishing.

I have linked up all the show notes on redzonetech.net/podcast where you can get access to Chris Hadnagy’s books and publications.


How to get in touch with Chris Hadnagy

Podcast: Social Engineer Podcast

Blog: Social Engineer Blog


Aug 19, 2016

I first learned about Brian MacKenzie when I was training for my first Ironman and read his books about endurance and mobility; he changed my concepts about what was possible with running. Basically, pounding out miles just doesn’t work as you get older (and when younger too). But this doesn’t apply just to running... Brian applies exponential training approaches to optimize human performance; he relentlessly challenges conventions and tests assumptions. Recently I was reacquainted with Brian’s work when I started training with Wim Hof's cold and breathing methods and was looking to see who else was interested in them... so I reached out to ask him on the show.

Major take-aways from this episode are:

  1. How you can change anything with 10 breaths.
  2. Using breathing techniques to amplify, deepen and quicken meditation benefits.
  3. The power of breath work to stabilize mood regulation and reactive behavior patterns.
  4. CO2 adaptation + integrating breathing, ice and heat.
  5. How to activate the vagus nerve.
  6. The importance of diaphragmatic breathing.
  7. Using breathing to access flow states.
  8. Proper breathing technique for sport, business and life.
  9. Mobility – the importance of keeping tissue supple.
  10. Eating principles vs. fads to follow that Brian coaches people on, related to a) vegetables; b) humanely treated animal protein (not stressed); c) high quality fats.
  11. The impact of a) sugar; b) processed foods; c) hydration; d) high quality breads.
  12. Must read and watch: the Netflix series “Cooked” by Michael Pollan, and his book In Defense of Food: An Eater's Manifesto.
  13. Taking personal responsibility for your health by engaging your doctor.
  14. Benefits of getting your genetics tested (WellnessFX).
  15. Dumbing down technology so that you can feel again.
  16. Mike Rowe on the importance of working opportunities, not passion.

I have linked up all the show notes on redzonetech.net/podcast where you can get access to Brian’s blog publications.

About Brian

Brian MacKenzie is a human performance and movement specialist. He is the innovator of the endurance, strength and conditioning paradigm. He has studied performance and movement for more than a decade, along with altitude, hypoxia, breathing mechanics, and heat and cold exposure. He has spent most of his time training in and around the water and ocean. Brian has competed in Ironman (Canada 2004), and has run the Western States 100 and the Angeles Crest 100 mile endurance runs.
He co-authored the book Power Speed Endurance and the New York Times best seller Unbreakable Runner. Brian founded and created Power Speed Endurance (PSE), which specializes in movement, skill and strength development for sports with an emphasis on running, cycling, and swimming mechanics.
MacKenzie's program has taught over 50 seminars per year (on average since 2007) worldwide and provides free programming via PSE. MacKenzie and his programs have been featured in Muscle & Fitness, Men's Health, Competitor Magazine, Runner's World, Triathlete Magazine, Men's Journal, ESPN Rise, The Economist, Tim Ferriss' New York Times bestseller The 4-Hour Body, Men's Running UK, LA Sport & Fitness, Muscle & Performance Magazine, and Rivera Magazine.
Brian has worked with many top-level professional athletes, including iconic surfers and watermen such as Laird Hamilton, Jamie Mitchell, Mark Healy and Kai Borg Garcia; CrossFit Games athletes including Rich Froning Jr. (4X CrossFit Games Champion) and Annie Thorisdottir (2X CrossFit Games Champion); and Olympic gold medalists such as Erin Cafaro (2X Olympic Gold Medalist in Rowing W8+, and his wife) and Taylor Ritzel (2012 Olympic Gold Medalist, W8+). Brian continues to work with several other professional and elite-level athletes in sports spanning triathlon, running, MMA, swimming, cycling, rowing, surfing and BASE jumping, as well as US Navy SEALs, Army Rangers and many other military and specialty units, helping them optimize their movement and lifestyle practices.


How to get in touch with Brian MacKenzie:

Blog: Power Speed Endurance Blog

Podcast Interviews: Power Speed Endurance Podcast

In the Press: RunningCompetitor.com


Aug 12, 2016

It took a while to get John Sileo on the show after my team heard him speak at an ISACA conference. He is a very in-demand speaker, and you will see why soon.

John Sileo’s identity was stolen and used to embezzle $300,000 from his clients. The exposure destroyed John’s career and consumed two years of his life as he fought to stay out of jail.

Combining real-world experience with years of study, John became an award-winning author and leading expert on cyber security, identity theft and data privacy.

John is CEO of The Sileo Group, a data security think tank that helps organizations protect the information that drives their profits. His body of work includes engagements with the Pentagon, USA Today, Visa, 60 Minutes, Homeland Security, Rachael Ray, Schwab and organizations of all sizes.

John graduated with honors from Harvard University and spends his free time with his remarkable wife and two highly spirited daughters.

Major take-aways from this episode are:

  1. Why start with "Why" in IT Security? Security starts with the person behind the social security number.
  2. The difference between offense (CIO) and defense (CSO) for IT business leaders.
  3. The importance of splitting the role of CSO away from the CIO – so that you don’t have defense reporting to offense.
  4. Renting CSO services vs. buying.
  5. Building security as a habit – review the book by Charles Duhigg, The Power of Habit: Why We Do What We Do in Life and Business.
  6. Build one new habit into your IT Security program.
  7. The importance of company culture and IT Security.
  8. Do you celebrate IT Security wins at the highest levels?
  9. Celebrate the reduction in employee errors clicking on phishing attempts.
  10. 3 ways to protect your data from ransomware. See John Sileo’s website.
  11. Of the people he has studied, among the 90% who have paid the ransom, only 50% receive the key to unlock their data.
  12. The neuroscience of the prefrontal cortex, cortisol and the amygdala, and how it applies to IT Security.
  13. Review your greatest threat protection and the role of HR.

I have linked up all the show notes on redzonetech.net/podcast where you can get access to John’s books and publications.


Aug 5, 2016

The challenge for many CIOs is that Board discussions regarding IT Security still lack a common language and toolset with which to accurately convey the security profile of the organization.
CFOs, on the other hand, have numerous commonly accepted tools they can use to present the financial health of the organization and drill down to any level of detail. Using a common lexicon, they can even compare data over a monthly or yearly basis to provide a clear picture of progress, or lack of it. The data is trusted. The tools are trusted. The CFO is trusted.
Until recently, CIOs have had to struggle to build the same level of trust with the Board because there was no comparable reporting system for IT Security. As a result, CIOs could easily get caught up in the latest shiny toys or distraction-of-the-month discussions with individual Board members and fail to address IT Security threats. For CIOs, the consequences included mission failure and personal failure.
In this podcast, I explore the challenges and opportunities CIOs face when they present security issues to the Board. With challenges come opportunities. The opportunities are created when CIOs understand the critical role they play in distilling the complexities of IT Security and coaching the Board. These activities build trust, and once achieved, drive investment decisions that protect the business. Getting to that point is the topic of this episode.

Jul 23, 2016

I have never had a guest like Frank Ahearn on the show. He has a very unique perspective on security having lived a set of life experiences we only read about.

Frank works with individuals who need to learn how to disappear, fall off the radar, or have extreme privacy needs. He is an expert at vanishing people, creating high-net-worth privacy, travel privacy and foreign state privacy. Law firms and private asset companies worldwide utilize his unique disinformation and stratagem services.

Major take-aways from this episode are:

1) The practice and reality of disappearing in today's digital world of zero privacy
2) Creating disinformation to protect the innocent. Think ninja smoke screen effect
3) Social engineering & pretexting
4) The underground world of skip tracing
5) Tales of an undercover for hire
6) Hunting people
7) Disappearing from Big Brother government and companies
8) Reputation management
9) If your son gets drunk in college and his mug shot is now public, what can you do about it?

I have linked up all the show notes on redzonetech.net/podcast, where you can get access to Frank's blog and published books.

Read full transcript here.

About Frank

Frank M. Ahearn is a privacy expert, skip tracer and social engineer. He is a New York Times Bestselling author of numerous privacy books.

How to get in touch with Frank Ahearn

Websites:

Frank's Books:

Books Mentioned:


Jul 9, 2016

Jacob Morgan is an author, speaker and futurist. Jacob is a great resource for business technology leaders, as he helped craft and create the Future of Work conversation from scratch 8 years ago.

Major take-aways from this episode are:

1. What people ask him most about the Future of Work as he speaks around the world
2. Tools being used to augment your education
3. The future of AI and robotics for jobs
4. What Cisco is doing for its workers
5. Organizational design and employee experience

I have linked up all the show notes on redzonetech.net/podcast, where you can get access to Jacob's podcast episodes and blog publications.

You can read the full transcript here.

About Jacob

Jacob Morgan is an author, speaker, and futurist. Jacob's latest book, The Future of Work: Attract New Talent, Build Better Leaders, and Create a Competitive Organization, explores how the workplace is changing and was endorsed by business leaders such as the Chairman of KPMG, CEO of Whirlpool, CEO of Intuit, CEO of SAP, CEO of Schneider Electric, and many others.

Jacob also co-founded the Future Of Work Community which is a brand council of the world's most forward thinking organizations who come together to explore the future of work. He frequently speaks at conferences and events all over the world and contributes to media publications such as Forbes, the WSJ, USA Today, INC Magazine, CNN, and many others.
His clients include companies such as Microsoft, St. Jude Children's Research Hospital, NYU, Wells Fargo, The Harvard Business Review, SAP, Cisco, and many others. Jacob also hosts the popular Future of Work Podcast, where he interviews business leaders, executives, and authors. In addition he has a bi-weekly YouTube video series called the Future in 5 and a longer-form program called The Future of Work Show, where he goes inside the world's most forward-thinking companies to interview employees and executives and tour their offices.

How to get in touch with Jacob Morgan

Website:

thefutureorganization.com

Podcast:

The Future of Work Podcast

Publications:

Books:

YouTube:

the Future in 5


Jul 1, 2016

Enrique Rubio and I share a favorite quote:
"you can't solve problems from the same level of thinking that created them." Albert Einstein
I was interested to bring Enrique onto the show because he has great depth of knowledge in understanding a perplexing challenge unique to our generation. How do we in the Western world, who live in a world of abundance, solve complex problems in the developing world? How do we deploy exponential technologies in a sustainable way that makes the lives of others better? How do we approach solving complex problems?

Enrique Rubio is an Electronic Engineer and a Fulbright scholar with an Executive Master's Degree in Public Administration from Syracuse University. Enrique is passionate about leadership, business and social entrepreneurship, curiosity, creativity and innovation. He is a blogger and podcaster, and also a competitive ultrarunner.

Major take-aways from this episode are:
1. Design Thinking, and how design thinking and collaboration are used to solve complex problems.
2. The problem with heavy strategy and design versus the advantage of resource constraints.
3. The power of experiments: cheap, flexible, nimble experiments.
4. Stories about entrepreneurship, nomads, the Himalayas and solar panels.
5. What is a social entrepreneur?
6. The power of curiosity and being "open-minded".
7. Understanding that "Fearing Less" is our primary mission in order to develop better questions.

I have linked up all the show notes on redzonetech.net/podcast where you can get access to Enrique's podcast episodes and blog publications.

Read full transcript here.

How to get in touch with Enrique Rubio:

Website:

Innovation for Development

Podcast:

Publications/ Interviews:

Resources Mentioned:

Books Mentioned:

Abundance, by Peter Diamandis and Steven Kotler

Exponential Organizations, by Salim Ismail


Jun 22, 2016

Chuck Blakeman is a successful entrepreneur, best-selling business author and world-renowned business advisor who has built ten businesses in seven industries on four continents, and now uses his experience to advise others. His company, Crankset Group, provides outcome-based mentoring and peer advisory for business leaders worldwide.

He has written two best-selling books titled Making Money is Killing Your Business and Why Employees Are Always a Bad Idea, which have both been #1 and top-ten-rated business books.

Chuck writes thought provoking books and blog posts. His writing, ideas and philosophy rattle my brain in a good way. I have provided links below to his published work online with New York Times, Entrepreneur Magazine, Success Magazine and my favorites, which are his articles on Inc. Magazine.

If you are an entrepreneur or a senior leader you will find Chuck's message inspiring, refreshing and relieving.

This is my second discussion with Chuck and I like him so much because he is a practitioner and not a theoretician. I think this is important for people owning, running and operating businesses.

Major take-aways from this episode are:

  1. The Concept of Freedom Mapping and the importance of asking yourself “why” you are doing things.
  2. The Formula for Success is Time + Money = Significance.
  3. How to avoid being a hostage to your business.
  4. Is there such a thing as work – life balance?
  5. The tyranny of urgent versus important.
  6. The difference between “learning” and “education” for adults and why adults suck at education. The irony of this is that I was just listening to a Tony Robbins interview on Lewis Howes' Show (on Tony’s Jet) where he said “the happiest people are lifetime learners”!
  7. The importance of groups to support your growth. See Chuck’s 3to5 Club
  8. The importance of EQ – Emotional Intelligence.
  9. The role of HR in the future.
  10. What Chuck would tell his 30 year old self.
  11. What his most gifted book is.
  12. The importance of taking risks.

I have linked up all the show notes on redzonetech.net/podcast where you can get access to Chuck’s presentation and research.

About Chuck

Chuck Blakeman is an internationally acclaimed speaker, best-selling business author, and world-renowned business advisor.

Chuck sold one of his businesses to the largest consumer fulfillment company in America and led three other $10-100 million companies. He presently leads the Crankset Group and a for-profit business based in Africa, focused on developing local economies to solve poverty.

Mr. Blakeman is a results leader with decades of experience leading companies in marketing, import/export, fulfillment, call centers, website development, printing and direct mail processing.

Some of Mr. Blakeman’s customers have included Microsoft, Apple, Eli Lilly, TAP Pharmaceuticals, Sun Microsystems, Tyco Healthcare, Johns Manville and many more Fortune 5000s and smaller businesses.

He is a convention speaker, writer, and non-profit board member, speaking 100+ times a year. Recent speaking appearances include Kenya, Canada, Ireland, New Zealand, and across the US. Recent print and online appearances include Inc. Magazine (regular contributor), Success Magazine, Entrepreneur Magazine and CNNMoney.com. He was recently cited in Dr. Stephen Covey's book The 3rd Alternative.

Read full transcript here.

How to get in touch with Chuck Blakeman:

Websites:

Books:

Publications:

Videos:


Jun 14, 2016

Marshall Kuypers is a PhD candidate in Management Science and Engineering at Stanford University, concentrating in Risk Analysis. His research studies quantitative models to assess cyber security risk in organizations. I heard Marshall talk at a major IT Security conference and after listening to him, I knew that I had to get him on the show to share his expertise.
Marshall continues a theme that I have been harping on recently, which is that you should deepen your sophistication in communicating at the highest level of your organization about cyber risk and the investments you want your company to make to mitigate it.
For some of you this discussion will be reinforcement of concepts and ideas that you already know but need to be reminded of. For others, Marshall will bring a fresh approach for you to test with your CFO, CEO or Board. The more effective you can be in communicating with your horizontal peers and upstream reports, the better you can fulfill your mission within your company.

Major take aways from this episode are:

1. A practical and actionable discussion of risk analysis for cyber security
2. How to develop situational awareness for making better IT Security investment decisions
3. How to look at your internal security event data in a different way (no, not your log data) to support IT Security investment
4. How to validate or eliminate intuition when assessing the probability of IT Security events happening
5. How to eliminate recency bias from IT Security decisions (fear and uncertainty cranked up by the media)
6. We also discuss power laws and complex systems theory, which is fun as well

I have linked up all the show notes on redzonetech.net/podcast where you can get access to Marshall's presentation and research.

About Marshall

Marshall Kuypers is a PhD candidate in Management Science and Engineering at Stanford University, concentrating in Risk Analysis. His research studies quantitative models to assess cyber security risk in organizations. Marshall has a diverse background spanning many fields, including modeling cyber security, developing trading algorithms with a high frequency trading company, researching superconducting materials at UIUC, and modeling economic and healthcare systems with the Complex Adaptive Systems of Systems (CASoS) engineering group at Sandia National Labs. Marshall is also the Co-President of the Stanford Complexity Group and a predoctoral science fellow at the Center for International Security and Cooperation (CISAC) at Stanford.

Read full transcript here.

How to get in touch with Marshall Kuypers:

Key Resources:

Books Mentioned:


May 21, 2016

Jack Freund, the guest of my latest podcast, is the co-author with Jack Jones of a book on quantifying risk, Measuring and Managing Information Risk: A FAIR Approach. This book was inducted into the Cybersecurity Canon in 2016. The Cybersecurity Canon is a Hall of Fame for IT Security books; its founder, Rick Howard, has been a previous guest on this podcast.

Some of the links that I really like from this episode are Jack's presentation called "Assessing Quality in Cyber Risk Forecasting" and his most recent article in the ISSA Journal, which I love, called "Using Data Breach Reports to Assess Risk Analysis Quality". You will be able to find all links and show notes at redzonetech.net/podcast


Major take-aways from this episode are:

1. Elevate Your IT Security Risk Communication Game using Data Breach reports to Inspire Action in the Business
2. How to use Risk Data so that the business becomes more comfortable with uncertainty
3. New Refreshing perspectives on presenting IT Security Risk to the business
4. Building predictions and forecasts of event likelihood and frequency into your risk analysis
5. How to Use External Data Breach Sources of competitors and non-competitors to build your risk cases.

About Jack

Dr. Jack Freund is a leading voice in Information Risk measurement and management with experience across many industry segments. His corporate experience includes spearheading strategic shifts in IT Risk by leading his staff in executing multimillion dollar efforts in cooperation with other risk and control groups.

Jack has been awarded a Doctorate in Information Systems, Masters in Telecom and Project Management, and a BS in CIS. He holds the CISSP, CISA, CISM, CRISC, CIPP, and PMP designations. Jack's academic credentials include being named a Senior Member of the ISSA, IEEE, and ACM, a Visiting Professor, and an Academic Advisory Board member.

Find transcript here

How to get in touch with Jack Freund

Key Resources:

Books/Publications


Apr 9, 2016

During my last interview I had a great talk with Daniel McDuff. Daniel’s research is at the intersection of psychology and computer science. He is interested in designing hardware and algorithms for sensing human behavior at scale, and in building technologies that make life better. Applications of behavior sensing that he is most excited about are in: understanding mental health, improving online learning and designing new connected devices (IoT).
Listen to more about why it is important to collect data at much larger scales and help computers read our emotional state.

Key Learning Points:
1. Understanding the impact, intersection, and meaning of Psychology and Computer Science
2. Facial Expression Recognition
3. How to define Artificial Intelligence, Deep Learning, and Machine Learning
4. Applications of behavior sensing with Online Learning, Health, and Connected Devices
5. Visual Wearable sensors and heart health
6. The impact of education and learning
7. How to build computers to measure psychology, our reactions, emotions, etc.
8. The impact of working in a no-fear zone for top accomplishment.

About Daniel

Daniel is building and utilizing scalable computer vision and machine learning tools to enable the automated recognition and analysis of emotions and physiology. He is currently Director of Research at Affectiva, a post-doctoral research affiliate at the MIT Media Lab and a visiting scientist at Brigham and Women's Hospital. At Affectiva Daniel is building state-of-the-art facial expression recognition software and leading analysis of the world's largest database of human emotion responses.

Daniel completed his PhD in the Affective Computing Group at the MIT Media Lab in 2014 and has a B.A. and Masters from Cambridge University. His work has received nominations and awards from Popular Science magazine as one of the top inventions in 2011, South-by-South-West Interactive (SXSWi), The Webby Awards, ESOMAR, the Center for Integrated Medicine and Innovative Technology (CIMIT) and several IEEE conferences. His work has been reported in many publications including The Times, the New York Times, The Wall Street Journal, BBC News, New Scientist and Forbes magazine. Daniel has been named a 2015 WIRED Innovation Fellow. He has received best paper awards at IEEE Face and Gesture and Body Sensor Networks. Two of his papers were recently recognized within the list of the most influential articles to appear in the Transactions on Affective Computing.

How to get in touch with Daniel McDuff

Key Resource

YouTube:

Books/Publications:


Mar 30, 2016

I recently had a wonderful talk with Pascal Finette. I am really excited to share our conversation on exponential technologies with you. Pascal is the head of Singularity University's SU Labs, where he tackles the world's most intractable problems with cutting-edge technologies. One of the concepts we delved into during our discussion was innovating at the edge of an organization instead of at its core, and how to approach growth through the lens of this concept. A lot of us are familiar with innovation when it comes to processes. How is it done with a product that is a business unit?

Listen to more about the questions to ask about open-sourcing, the concept of crowd funding, and the importance of moonshot thinking and exploring more at the edge.

4 Key Learning Points:

  1. The importance of innovation at the edge of an organization rather than at its core.
  2. The importance of moonshot thinking and asking big questions.
  3. What to be aware of when it comes to implementing open source concepts.
  4. How to use the crowd funding mechanism to utilize talent from outside of the organization.

Find full transcript here

About Pascal Finette

Pascal heads up Entrepreneurship at Singularity University, including the Startup Accelerator, Venture Fund and the Entrepreneurship Track where he inspires, educates and empowers entrepreneurs tackling the world’s most intractable problems leveraging exponential technologies. Pascal has spent his career pushing the boundaries of technology and passionately believes the Internet can deeply impact mankind.

He founded the non-profit organizations Mentor for Good and The Coaching Fellowship and the 'GyShiDo' (Get Your S%#& Done) movement, and publishes the opinionated newsletter 'The Heretic', which is read by tens of thousands of entrepreneurs around the globe.

Pascal frequently speaks and writes about the interaction of entrepreneurship, technology, and global impact. Pascal coaches clients on leadership potential and loves to work with entrepreneurs who are making things better and go from zero to one.

How to get in touch with Pascal:

LinkedIn profile

Twitter

Facebook

Key Resources:

Website

Your Story

Singularity University

AngelList

The Setup

Startupery

You Tube

TED Talk

Illuminate 2015

Talk on Exponential Technologies

Interview at BSR 2015

http://technoport.no/content/343/Pascal-Finette

Interview

https://www.youtube.com/watch?v=EiwkFgBk3B0

Books

 Amazon Book Reviews

Publications

http://theheretic.org/

http://unreasonable.is/author/pascal/

http://www.unlife.co/pascal-finette/


Feb 23, 2016

Today I had a wonderful talk with Zack Schuler. Zack is the founder and CEO of Ninjio, which is an I.T. Security Awareness business. We discuss how 95% of all breaches are caused by human error. It seems like such an obvious problem, but what can you do about it? Zack's company has developed a way, using a team of Hollywood writers, to create compelling security education and training so that not just your IT professionals but all your employees are involved in IT defense.

4 Key Learning Points:

  1. The importance of the gamification of security training in developing a security culture
  2. The importance of entertainment in storytelling
  3. How to deploy training easily and efficiently.
  4. How to measure the effectiveness of training.

Zack Schuler

Zack is the founder and CEO of Ninjio, which is an I.T. Security Awareness business. Zack is passionate about keeping people safe from the countless cyber threats that are ever increasing.

Listen to more about how to help train staff on increasing security awareness and education through a unique method of gamification and storytelling.

Time Stamped Show Notes:

  • How Zack founded Ninjio [02:56]
  • Thoughts on securing the weakest link in the chain [04:22]
  • How to spend money on tools and make them your allies [05:03]
  • Zack's opinion on end user responsibilities [06:01]
  • The main cause of most breaches and ways to fight it [06:55]
  • Discussing the tendency to spend money on technology instead of educating humans about security [07:29]
  • Creating an interactive environment to educate people [08:10]
  • Elaborating on the importance of creating a story to help people retain new information [09:30]
  • How to create a teachable moment in order to get people to learn [10:12]
  • Changing the culture of how people learn about security so that it is more entertaining [10:35]
  • Security awareness training is not easy and needs a different educational approach [11:11]
  • Thoughts on security documentation and the plethora of policies [14:07]
  • Zack Schuler gives details on his educational approach [15:21]
  • Monitoring educational progress with the help of a dashboard [16:35]
  • Zack's concept validation with the help of KnowBe4 [17:22]
  • Which security awareness companies are implementing the training [18:14]
  • Building gamification into a product [20:03]
  • Thoughts on gamification and Jane McGonigal's book SuperBetter [21:11]
  • Elaborating on the importance of employee education [23:23]


Feb 17, 2016

Today I had an interesting conversation with Jack Jones. This is Jack’s second time on the show and I loved our discussion. It is a gem of learning and is packed with information that you can use right away. Jack was one of the first CISOs in the United States and he is the inventor of the FAIR model for analyzing Information Security Risk. Jack’s bio is extensive and here is a short list of his accomplishments.

Jack Jones has worked in technology for over 30 years, and in information security and risk management for 25 years. He has over nine years of experience as a CISO with three different companies, including five years at a Fortune 100 financial services company. He received the ISSA Excellence in the Field of Security Practices award at the 2006 RSA Conference. In 2007 he was selected as a finalist for Information Security Executive of the Year, Central United States, and in 2012 he was honored with the CSO Compass award for leadership in risk management. Jones is also the author and creator of the Factor Analysis of Information Risk (FAIR) framework. Currently, Jones serves on the ISC2 Ethics Committee and is the Executive Vice President, Research and Development of RiskLens, Inc.

Suffice it to say that Jack is a rock star in the Information Security and IT risk community!

6 Key Points:

  1. Why top 10 lists for IT Security are useless
  2. How to add probability and possibility of events happening into your risk models
  3. How to present data that your board of directors will love
  4. How to develop range into your communication
  5. How to apply critical thinking, logic and Socratic methods to your analysis
  6. How to apply rigor in developing a defensible argument


Time Stamped Show Notes:

  • FAIR is a framework for critical thinking and a model, or codification, of risk and how risk works. It provides a reference for thinking through complex risk problems, surfacing risk assumptions and enabling risk discussions [04:53]
  • Surfacing assumptions enables debate-like dialogue in the discussion [05:15]
  • Jack Jones was one of the first CISOs, from the late 1980s. How do you present risk? A FAIR technique: possibility vs. probability, and what the difference is. Example: a McAfee virus impacting a company and disrupting operations. The genesis was a 2003 XP system that a contractor required them to have on their network, sophisticated tools notwithstanding. They were blindsided for a few days because an admin was using a personal machine for surfing, on top of known administrator issues. How would somebody apply FAIR analysis to this? [08:49]
  • In an organization that knows it has control deficiencies, a risk analysis of the threat landscape it faces means identifying the scenarios that could be painful. Develop a straightforward, high-level taxonomy: from an availability perspective, a confidentiality perspective and an integrity perspective, which assets would be exposed? [10:00]
  • At a deeper level of granularity, a step-by-step process: develop a taxonomy of events that represent loss, then analyze the likelihood of loss [10:39]
  • If the organization has done that (and they might have), then for events with significant impact, even where likelihood is low, the controls you want are fast detection and recovery. If you are down for three days, your recovery rate is not what it should be. Laying out the risk landscape in a rigorous fashion lets an organization see where a risk sits relative to the other things in its landscape, rather than just knowing on the surface that it exists. That is how they triage their world, identify the set of conditions and the work to be done, and prioritize more effectively [12:20]
  • The concept of probability vs. possibility, linked to Russian roulette. Organizations fall into the trap of considering possibility rather than probability. If we focus solely on events that are conceivably possible and hugely painful, an asteroid strike comes up, along with what we would do about one. There has to be a probability element; you can't focus solely on possibility. The possibility of bad events is 100 percent, but the probability might be lower. That is crucial in order to prioritize. [14:38]
  • Given the risk with the old systems and the admin issue, how would you reverse engineer that situation? [15:09]
  • In that instance there is a high probability of encountering malware; the only question from a probability perspective is the odds of encountering malware that their preventative measures aren't going to handle. Most security professionals would say that happens with regularity, so the probability is higher. From a threat perspective, zero-day stuff happens with some regularity, and we would be able to come up with a likelihood estimate. One of the factors that plays into the likelihood is the administrative privilege exposure: it allows the malware greater control and broader impact than it would otherwise have [17:35]
  • The patching situation would be a factor in the evaluation as well. They might have been in a fragile state, wholly dependent on a single control element given the administrative situation and the patching situation. Within FAIR there is probability and impact, and also two states: 1) fragile, where you depend on a single control in an active threat landscape, and 2) unstable, where an asset you want to protect exists in a not very active landscape but you don't have any preventative or resistance control. Example: databases, when evaluating the rogue database administrator scenario; nothing stops it. When you identify unstable conditions you look at how you would detect and resolve the situation, because you have no resistance option. [19:36]
  • Evaluating probability and impact, with the two qualifiers fragile and unstable [20:01]
  • How do you estimate the likelihood of something happening? Ordinal scales have all kinds of downsides: they don't allow you to effectively articulate best case, worst case and most likely case, the range of outcomes. From a probability perspective it is not a lot of work to look at industry data relevant to the technologies in this particular organization. Look at the two ends of the spectrum and at the trends: are there more or fewer? Using the data, set the minimum at, say, 5 events per year relevant to the technology concerned and the maximum at 15, or perhaps 15 or 20. Depending on the quality of the data, make the range wider or narrower. Faithfully representing your range of uncertainty is critical. Don't put a discrete number on it: I don't want a number, I want a range. There are two dimensions, the width of the range and the most likely value, i.e. how flat or sharply peaked the PERT distribution is. That is how you express the range of uncertainty. [24:09]
  • Interestingly, in this profession, when you try to quantify something precision takes a distant second to accuracy. When I give you a range that incorporates the actual outcome, my range is accurate, and you increase the probability of accuracy with wider ranges, but with diminishing returns [26:25]
  • The useful degree of precision with a confidence level you can stand behind: the process of calibration. Douglas Hubbard's book How to Measure Anything covers this beautifully [26:44]
  • Utility for decision-making vs. the estimating concept when expressing ranges: when presenting risk to decision makers you are trying to influence buying decisions, and the calibration piece helps the decision maker make that decision [28:59]
  • A blog series has been written about this. Look at the ordinal scales organizations rely on: HIGH, MEDIUM, LOW. They will identify their top ten risks, ten things in the landscape they would place into the high-risk bucket. Top 3: how do you differentiate within that bucket? People can't identify why things don't go into the bucket; they don't think things through with sufficient rigor [30:25]
  • Ordinal buckets are not very effective. Quantitative measures allow you to rank one thing above another. I would focus on the thing I have less certainty about; the lack of certainty is a risk factor that needs to be dealt with [31:50]
  • The telescopic piece: the level of sophistication is not sufficiently advanced to explain to a business decision maker why they can't spend money in one area and so will spend money in another. How can someone reconcile real security and audit findings, which are at odds? [33:46]
  • The key component is applying real rigor to developing the scenarios in which encryption at rest is relevant. Encrypting your hard drive is very useful, but there are a lot of scenarios where the data can be compromised anyway, and there are cases where encryption increases risk. Define the set of scenarios where data is at risk and, within that subset, where encryption adds value and where it does not. Then evaluate impact. Then you have a means for comparing solutions. [36:35]
  • Playing out the scenarios is sufficient for people to realize which options are better. [37:05]
  • A set of control opportunities that cost a fraction of encryption, shown through analysis to reduce risk more than encryption does. [37:38]
  • Some IT professionals feels that (engagement) implies combat. They feel they are protecting an organization so we are asking a government entity auditor but what about educating people to prevent risk. [38:55]
  • People are hesitant to go toe-to-toe against a regulator auditor –operating from intuition. They haven't applied rigorous approach to developing argument - sometimes intuition is wrong and then you realize there right. That's ok. But very often intuition is right. Need framework (like FAIR) for critical thinking through complex problems and developing argument and rationale and surface assumptions making estimates - put before the auditors, if you go through the process to the authoritative figure have you has not applied any rigor to it [40:35]
  • Critical thinking, the Socratic method, logical way of thinking. Interesting to back-up intuition with a rigorous reproach to have a defensible argument [41:21]
  • Save looking at problems and potential Solutions and more rigorous critical-thinking-like fashion is hugely valuable. Just having the framework for discussing and debating things – hugely valuable. [42:27]
  • Another component is normalizing terminology. [43:02]
  • FAIR model - really valuable. Every organization’s risk summary includes top 10 risks and that includes cybercriminals, social engineering, change management, mobile media and cloud computing. And if you look at those - cybercriminal threat community and cloud computing – technology, change management is a control element. It's like comparing apples and oranges. Those are not loss scenarios. FAIR Institute Blog that discusses this. How organizations are identifying and managing top 10 risks and it's a huge problem. We cannot expect to mature if we can't get a fundamental nomenclature correct [45:53]
  • What are the easy steps that someone can transform the top 10 list lost scenarios change the top 10 list? [46:21]
  • Create 2 lists of the top loss scenarios - taxonomy is a list of outcomes. Taxonomy is a categorization. Categorize loss events to a level of abstraction that’s balanced. Balance to be struck. easy to recognize with that balance lies as you go through the process. Qualitatively or quantitatively then do a probability & impact around those and that will tell you which off top 5 or 10. [48:02]
  • Other list - control deficiencies. Risk assessment is controlled assessment. How to prioritize what contributes most of this risk. That identifies top control positions. Cant mix together. Simple way - get handle on risk landscape and determine focus. Look at list of top 10 deficiencies - map them to which scenarios highly relevant less likely relevant - these three or four need to be hitting these hard. We can say over time this will reduce or change this list scenario. [49.24]
  • Recognizing you have to have two lists - top 10 less list is worse than useless you can't compare because it's misinformation in the worst way [49:47]
  • Recommend Measuring and Managing Information Risk: A FAIR Approach co-authored with Dr. Jack Freund. FAIR Institute where to get education at the ecosystem of people in organization to Leverage framework. Universities taking part. Institute, free copy of book but different membership levels soft launch in December formal launch in February [52:10]
  • The org (owns IP for Unix) has resources for FAIR and certification for practitioners. Risk Lens blog resources case studies and the book [52:22]
  • Risk lens does fair Consulting and Open Group is organization but only intellectual property and they adopted her Institute have found her [53:06] 
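The range, calibration and PERT bullets above describe quantitative FAIR-style estimation, and the encryption-versus-alternatives bullets describe comparing options by how much risk they remove. The Python block below is an added example written for these show notes; it is not code from the podcast, the FAIR Institute, RiskLens or The Open Group. It draws loss event frequency and loss magnitude from PERT (min, most likely, max) ranges, runs a Monte Carlo over simulated years, reports the range of annual outcomes instead of a single number, and ranks options by mean risk reduction. The 5/10/20 events-per-year range echoes the episode's example; the dollar magnitudes, the option names and their reduced ranges are constructed sample values, not data.

```python
import random
import statistics

LAMBDA = 4.0  # standard PERT shape parameter


def pert_sample(rng, low, mode, high, lam=LAMBDA):
    """Draw one value from a PERT distribution given a (min, most likely, max) range.

    PERT is a beta distribution rescaled onto [low, high]: the most likely value
    sets where the peak sits, the width of the range sets how flat or sharp it is.
    """
    if not low <= mode <= high:
        raise ValueError("expected low <= mode <= high")
    if high == low:
        return float(low)
    span = high - low
    a = 1.0 + lam * (mode - low) / span
    b = 1.0 + lam * (high - mode) / span
    return low + rng.betavariate(a, b) * span


def pert_samples(low, mode, high, n, seed=7):
    """n PERT draws from a fixed seed, handy for checking the distribution is calibrated
    (its mean should be (low + 4*mode + high) / 6)."""
    rng = random.Random(seed)
    return [pert_sample(rng, low, mode, high) for _ in range(n)]


def simulate_annual_loss(freq, magnitude, years=10000, seed=1):
    """Monte Carlo over simulated years.

    freq: (min, mode, max) loss events per year; magnitude: (min, mode, max) loss per event.
    Each simulated year draws an event count, then a loss for each event, and the
    per-year totals are returned so the caller can inspect the whole distribution.
    """
    rng = random.Random(seed)
    totals = []
    for _ in range(years):
        n_events = int(round(pert_sample(rng, *freq)))
        totals.append(sum(pert_sample(rng, *magnitude) for _ in range(n_events)))
    return totals


def summarize(totals):
    """Report a range of outcomes (mean plus percentiles) rather than one discrete number."""
    s = sorted(totals)

    def pct(p):
        return s[min(len(s) - 1, int(p * len(s)))]

    return {"mean": statistics.fmean(s), "p10": pct(0.10), "p50": pct(0.50),
            "p90": pct(0.90), "max": s[-1]}


def compare_options(baseline, options, years=10000, seed=1):
    """Return {name: (summary, mean reduction vs. baseline)} so options can be ranked
    by how much annual loss they remove. Each option is a (freq, magnitude) pair."""
    base = summarize(simulate_annual_loss(*baseline, years=years, seed=seed))
    result = {"baseline": (base, 0.0)}
    for name, (freq, mag) in options.items():
        s = summarize(simulate_annual_loss(freq, mag, years=years, seed=seed))
        result[name] = (s, base["mean"] - s["mean"])
    return result


if __name__ == "__main__":
    # Constructed sample values: the 5/10/20 events-per-year range echoes the episode,
    # the dollar figures and the two hypothetical options are illustrative only.
    baseline = ((5, 10, 20), (2_000, 15_000, 120_000))
    options = {
        # shrinks magnitude only in the subset of scenarios where encryption helps
        "encrypt_at_rest": ((5, 10, 20), (1_500, 12_000, 110_000)),
        # a cheaper control that reduces how often loss events occur at all
        "cheaper_control": ((2, 5, 12), (2_000, 15_000, 120_000)),
    }
    for name, (s, delta) in compare_options(baseline, options).items():
        print(f"{name:16s} mean={s['mean']:>10,.0f} p10={s['p10']:>9,.0f} "
              f"p90={s['p90']:>10,.0f} reduction={delta:>9,.0f}")
```

Widening a range (for example 5/10/30 instead of 5/10/20) is how the model expresses lower-quality data; the p10/p90 spread in the summary widens accordingly, which is the "faithfully represent your uncertainty" point made in the episode.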

How to get in touch with Jack:

Key Resources:

Credits:

Feb 5, 2016

In this episode, I interview Jean Gomes, CEO of DPA—a business consultancy that helps organizations improve performance through people—Chairman of The Energy Project Europe—helping organizations build sustainable high performance cultures through energy management—and trusted advisor to more than 50 CEOs. Listen as Jean and I discuss the undervalued importance of bringing the right energy to a business, why measured breaks are one of the fundamental keys to success, and how we can better intentionally activate the creative half of the brain.

Sponsored By:

  • CIO Security Scoreboard – Go to VisualCIO.com to learn more about how to communicate the status of your IT Security program visually and in minutes.

Time Stamped Show Notes:

  • 03:21 – Bill welcomes Jean to the show
  • 04:00 – Why energy always beats talent
    • 05:40 – Two teams can be equal in talent, but the team that has more energy will have 8X-10X top line revenue
  • 05:57 – Vision and commitment will lead to sustainable high-performance every time
  • 06:54 – The top two ways we can change how we show up at work
    • 08:03 – Physical—sleep, eat, exercise, etc.
    • 08:37 – Emotional—how much time do they spend in the negative vs positive
  • 10:45 – The scientific value of taking breaks
    • 12:35 – The human body is designed to work in cycles—sprint, recover, sprint, recover
  • 14:36 – What humans can do that computers can’t—take responsibility for difficult decisions, and form deep, interpersonal, human relationships
  • 15:33 – We need people to be more human in the workplace
  • 18:00 – Speed gets in the way of traditional human decision making
  • 18:38 – Most organizations are in the mode of “how do we defend the status quo”
  • 19:34 – Leaders who don’t give themselves space to be creative aren’t leaders—they’re managers
  • 20:14 – Recovery is the opposite of what you’re currently doing
  • 21:54 – Teach your brain that it can switch off
  • 22:58 – Consciously dedicate more of your brain to the creative
  • 25:43 – “Not thinking” is the best way to truly think—to obtain new insights, new perspectives
  • 27:24 – Don’t take the victim mindset of “I don’t have time”
  • 30:53 – Make the shift from “I have a body” to “we are a body”
  • 33:45 – Start with the cost opportunity to start making changes to daily habits one at a time—narrow down on something small
  • 35:40 – Emphasize the importance of renewal in your life—computers don’t need to renew…we do—be human, make waves

3 Key Points:

  1. Make the mental shift from “I have a body” to “I am a body.”
  2. Don’t pointlessly defend the status quo—have a good reason. If you don’t, embrace the momentum of change.
  3. Good energy always beats good talent.

Key Resources:

  • Jean Gomes – Today’s guest
  • DPA – Jean’s business consultancy
  • The Energy Project Europe – An organization dedicated to helping companies create sustainable and healthy high performance in the workplace

Credits

Jan 27, 2016

In this episode, I interview Rahul Kashyap, Chief Security Architect and Head of Security Research at Bromium, a company that focuses on stopping cyber-attacks where users are most vulnerable—the endpoint—through virtualization isolation. One of Silicon Valley’s 40 Under 40, Rahul has built a career around developing cyber defense technologies that focus on exploit prevention. At Bromium, Rahul manages R&D and product security, while simultaneously conducting robust industry outreach, speaking at leading security conferences including BlackHat, BlueHat, Hack-In-The-Box, RSA, DerbyCon, BSides, ISSA International, OWASP, InfoSec UK and others. 

Sponsored By:

  • CIO Security Scoreboard – Go to VisualCIO.com to learn more about how to communicate the status of your IT Security program visually and in minutes.

Time Stamped Show Notes:

  • 02:00 – Rahul joins the show
  • 02:41 – Talking about the 40 Under 40
  • 03:30 – The importance of being “unstoppable”—no one believes in you at the front-end—you need to be relentless in your confidence and determination
    • 04:47 – The genesis of being “unstoppable”
  • 06:05 – The importance of taking on big challenges versus small challenges—Rahul’s Gandhi example
  • 06:43 – We are a function of the problems we choose
  • 07:25 – Even when you take on a “big challenge” and don’t hit the target, you’ll fall somewhere along the path, and that’s a great place to be
  • 07:55 – The problems Bromium tackles
    • 08:34 – Attackers have found a soft-spot—the end users—and all it takes is one bad click
    • 09:12 – Attackers have nothing to lose, and end-users will continue to make mistakes
    • 09:44 – No one can build the perfect security engine—it’s impossible
  • 10:15 – The key is not worrying about users making mistakes, or attackers attacking—the key is isolating the attack at the end-point and confining it there
  • 13:25 – Bromium focuses primarily on desktops, laptops, and tablets
  • 14:00 – Micro-virtualization is at the executable side
  • 14:46 – Rahul defines Bromium Labs
  • 16:09 – Defensive security versus offensive security
    • 16:52 – Every security company should invest in offensive security because it most accurately resembles how hackers think
    • 18:23 – Offensive security gives you the Why
    • 18:44 – Defensive security gives you the How
  • 20:04 – Anti-Virus is approximately 5% effective
    • 20:30 – It has lost its efficacy because the technology—in principle—hasn’t evolved
  • 22:45 – Bromium Labs’ first focus is to keep your network from getting infected in the first place
  • 25:35 – Does Bromium need to be run in isolation or can it be bundled into the software stack at the end-point?
  • 26:49 – The security architecture behind managing disparate end-points
  • 28:02 – Bromium’s pre-deployment analysis tool is under development but will launch soon
  • 28:28 – Bromium’s partnership with Microsoft for Windows 10
  • 30:33 – The frequency of patching has become SUCH a burden for small business, which is why Bromium developed a unique position towards patching
  • 32:15 – Patching is often human error related
  • 33:48 – It’s a new way of doing security—isolation versus prevention
  • 34:16 – Sandboxing, Hardware enforced isolation, micro virtualization
  • 35:18 – Most of your browsers already have a sandbox
  • 36:55 – Companies are tired of investing in so many security products…the industry is too fragmented—Bromium is looking to change that
  • 38:08 – It’s vital to understand the architectural limitations of each technology
  • 38:55 – Rahul’s favorite new technology?—Hive which is exploring the intersection between big data and security
  • 40:48 – Rahul shares his thoughts on machine learning and A.I.
  • 42:33 – Rahul has taken up kayaking to manage stress and stay focused…and Call of Duty on X-Box One

4 Key Points:

  1. We are a function of the problems we choose—an important concept to live by.
  2. The true soft-spot in today’s cyber-security market is the end-user—end-users always have, and always will make mistakes that result in compromised systems and networks.
  3. It is impossible to engineer a perfect security system—the threats change too rapidly—instead of trying to focus on prevention, let’s focus on technologies that accept attacks as the inevitability they are…technologies that let an attack happen, but isolate it immediately at the end-point.
  4. The cyber-security business (like most businesses) can be extremely taxing—find an outlet for healthy stress management.

Key Resources:

  • Rahul Kashyap – Today’s guest—Chief Security Architect and Head of Security Research at Bromium
  • Sandboxing – Default security mechanism that operates through isolation of threats, now available on most browsers
  • Bromium Labs – Dedicated to advancing the “state of the art” of information security by performing advanced research into current and future security threats.
  • The Hive – An incubator that uses deep learning (a new discipline in AI) and neural network models to automate the learning of data representations and features.
  • Micro Virtualization – A proprietary technology that abstracts applications and sub-processes from hardware and runs them in isolated environments.

Credits:

Show Notes provided by Mallard Creatives

Jan 21, 2016

In this episode I interview Michelle Gielan, Founder of the Institute for Applied Positive Research, former CBS News anchor, and author of the Bestselling book, Broadcasting Happiness. As a psychology researcher, Michelle’s work has been featured in The New York Times, Washington Post, FORBES, Harvard Business Review, and on the CNN and FOX News networks. Listen as Michelle and I discuss the power of positivity, our responsibility as individual broadcasters, and how business leaders can radically improve employee performance by bringing the right attitude to the office. 

Sponsored By:

  • CIO Security Scoreboard – Go to VisualCIO.com to learn more about how to communicate the status of your IT Security program visually and in minutes.

Time Stamped Show Notes:

  • 01:02 – Bill welcomes Michelle to the show
  • 01:30 – How Michelle went from being a computer engineer, to news anchor, to psych researcher
  • 01:55 – Do work that fits your calling—that helps you serve the world
  • 02:30 – At the height of the recession, Michelle was broadcasting negativity every day which took its toll and is ultimately why she left
  • 03:30 – Defining positive psychology
    • 03:50 – How can we—once we get people to baseline—get them to thrive?
  • 04:45 – When we make small changes in the way we communicate with people it radically alters how impactful our interactions can be
  • 05:09 – The science behind positive psychology
    • 05:43 – We’re all broadcasters—we all have influence and power over others
    • 06:12 – When leaders come into the office with a negative/stress mindset, it’s broadcast to the employees
    • 07:48 – The pre-frontal cortex
    • 08:05 – The dopamine hit and the risks of addiction
  • 08:35 – Small compliments to employees result in small dopamine hits, which result in better productivity
  • 10:05 – The brain is like a muscle—we can change it, we are not dealt a set hand of cards
  • 11:05 – How much support your organization provides can radically alter the on-job performance of your employees
    • 11:50 – Work optimism
    • 12:00 – Positive Engagement
    • 12:06 – Support Provision
  • 12:45 – What you give is what you get in terms of positivity
  • 13:28 – Look at challenging or stressful situations as opportunities to be a hero
  • 14:30 – Exercises and habits to re-writing how we think
    • 14:58 – The Power Lead
  • 16:25 – Michelle’s work with Nationwide Insurance
    • 17:28 – The changes invoked via Michelle’s team 3X’d Nationwide’s sales
  • 17:39 – Rethinking small business practices, and showing up fully as leaders can radically improve your operation
  • 18:55 – Those small conversations you have with your employees in the hallway, in the breakroom, etc. add up in a BIG way
  • 19:45 – As a leader, you are completely responsible for how you show up
  • 21:09 – Michelle’s practical tips
    • 21:27 – Beware To-Do lists—make sure they include “wins”
    • 23:09 – Instead of trying to fix flaws, focus on strengths and accomplishments
  • 24:37 – BUSY PEOPLE!—craft your early morning experience with positivity so it can fuel you the rest of the day
  • 25:43 – Transformative Journalism—less on the problem, more on the solution
  • 26:48 – Negative events will befall us…it’s what we do with those experiences that matters
  • 27:10 – Michelle’s idea billboard—you are a broadcaster and the message you choose to broadcast will radically alter those around you.
  • 27:55 – Broadcasting Happiness Website

4 Key Points:

  1. We’re not dealt a fixed set of cards—don’t be afraid to change directions and pivot your focus, that’s how Michelle went from computer engineer to broadcaster to author.
  2. Stop dwelling on the negatives in your life—focus on your strengths and accomplishments.
  3. We are ALL broadcasters and we are all responsible for the message(s) we broadcast.
  4. Rethink your small business practices—cherish those hallway or lunchroom conversations with employees, and make sure you show up in a state of positivity every day.

Resources Mentioned:

Credits

Show Notes provided by Mallard Creatives

Jan 13, 2016

In Episode #38 Bill interviews Eric Vanderburg, a thought-leader and Director of Information Systems and Security at JurInnov, a cyber security and forensics company that helps businesses get back on their feet following a security breach. Listen as Bill and Eric discuss life as “Sheriff of the Internet,” virtual versus augmented reality, and various elements of upscale IT security.

Sponsored By:

  • CIO Security Scoreboard – Go to VisualCIO.com to learn more about how to communicate the status of your IT Security program visually and in minutes.

Time Stamped Show Notes:

  • 01:40 – Bill welcomes Eric to the show
  • 02:01 – What it’s like being the “Sheriff of the Internet”
  • 03:10 – Microsoft Hololens—Microsoft’s take on Google Glass
  • 04:48 – Eric defines an innovative, real world application for Microsoft Hololens
    • 05:47 – Fashion
    • 07:31 – Other applications for Hololens
    • 07:59 – Video conferencing
  • 08:53 – Eric defines his idea generating process
  • 09:39 – Virtual reality is cutting us away from the real world, whereas augmented reality allows reality and the virtual to coexist
  • 10:49 – The problem with technology is that it allows us to connect at such grand scale that—in some ways—it prevents us from actually connecting
  • 11:30 – Virtual reality and augmented reality are both industry terms
  • 12:19 – How Eric forms his ideas and brings them to market
  • 13:27 – Eric’s top 2-3 sites for leveraging security information
  • 14:44 – Ideas can be lost real fast—capture them as they arise
  • 16:09 – David Cross of Microsoft Azure
  • 16:50 – Muse
  • 18:58 – Data can help us to train our brains
  • 19:19 – Heartmath
  • 21:25 – The medical device industry is growing at 400% per year in terms of technological advancement
  • 21:46 – Explaining corporate espionage and how inter-company hacks work
  • 23:34 – The dark web makes it incredibly easy to perform corporate espionage
  • 24:44 – Countries go through a maturity process where technologies are simply stolen
  • 27:00 – Eric’s role as an expert witness in IT Security trials
  • 29:15 – The importance of the investigative track
  • 30:00 – eDiscovery as it pertains to email and file systems
  • 31:09 – Before adopting a technology, you need to fully understand and appreciate all the potential impact it can have
  • 32:20 – You can say something 1000 times, but until it actually happens to them, most people don’t pay attention to all the risks
  • 33:08 – Top questions for a CIO to ask to start the impetus to plan for an attack
  • 36:48 – Hybrid clouds versus full-cloud deployments
  • 38:44 – When data is in unstructured file types, the normal tools used to run against it are ineffective
  • 39:46 – Subtopic for a CIO Mastermind—finding qualified talent
  • 41:01 – How AI will impact IT Security and Business IT Leadership moving forward
  • 42:26 – These days, data is used to gather even more data, which is then used to create revenue
  • 43:00 – Bots are just the new wave of malware
  • 43:27 – We are in the midst of the Cold War of technology
  • 44:38 – Businesses are struggling to even deploy anti-virus software
  • 45:12 – It behooves business owners to evaluate the methods and means in which their IT will be used
  • 46:58 – IT Security awareness needs to be ramped up

4 Key Points:

  1. The future isn’t in virtual reality, it’s in augmented reality.
  2. Technology has given us the ability to connect in ways never before imagined—that being said, if abused or misused, it actually drives us further apart.
  3. Fully understand a technology before bringing it into your home or business.
  4. As the years progress, expect most businesses to favor hybrid cloud solutions over full-cloud deployments.

Resources Mentioned:

Credits

Show Notes provided by Mallard Creatives

Dec 18, 2015

Today I had an interesting conversation with Ken Westin. Ken is commonly referred to as ‘The Good Hacker’ and has spent the past 15 years working with law enforcement and research teams to analyze current and emerging threats to determine how our everyday products and gadgets can mitigate these threats.

He is regularly reached out to as a subject matter expert in the area of security, privacy and surveillance technologies.

In our industry people do a lot of talking about how they want to stop cyber security threats, developing technologies they hope will stop threats, but rarely do you actually come in contact with people demonstrating a track record of success thwarting and mitigating threats and bringing people to justice.

This episode is sponsored by the CIO Scoreboard

What you will learn from this interview:

  1. The secret lives of the applications that live on our phones. What information are these apps gathering that we’re not aware of, and where exactly is that information going? How can this information be used against us, and why are these data harvesting practices not mentioned in the privacy policy or terms and conditions of many apps?
  2. Black Hat tools and where to find them to see what your adversary sees about YOU!
  3. Questions that Boards should ask about what information that they are tracking about customers
  4. The importance of education and security
  5. Efficacy and relevance of Cyber Liability Insurance
  6. The Cybersecurity elephant in the room: companies tracking and selling our private information
  7. Orchestrating threat intelligence by automating and tracking compliance workflows
  8. The importance of Data Security Analytics
  9. If you are not investing in a product or app then you are the product

How to get in touch with Ken:

Twitter

LinkedIn

About me Profile

RSA Profile

RSA Conference Session – Killing the Kill Chain

LinkedIn Published Articles

Ken Podcast I enjoyed at Tripwire site

BBC article – “I’m a professional cyberstalker”

Mobile Privacy articles

Defcon Talk: Confessions of a Professional Cyber Stalker

Resources Mentioned:

USBhacks

ID Experts – Radar product – Helps with hi profile breach cleanup cases

Kali Linux Distribution

Offensive Security

Tripwire– Automation of Security Compliance + Workflow

OpenDNS

Passive Reconnaissance

Maltego

Tripwire

STIX

TAXII

FS-ISAC

Soltra

Bill’s interview with Aharon Chernin, CTO of Soltra

Summarized Show Notes:

  • How Ken got started in the technology world and different technology he developed to aid in theft recovery
  • Empowering people with technology. Criminals take the fun out of technology, dealing with hackers in particular. Ransomware - impact on business. Consumers are now able to defend themselves in a hostile environment
  • Being knowledgeable about what is possible and raising people’s awareness makes a difference.
  • One of the biggest threats right now is marketing departments that develop spyware and gather information through apps, ad libraries. A lot of information is being harvested from our phones
  • If you’re not paying for the product, you are the product
  • Hackers are not the ones who collected the information from people. So how can we secure the information? We need to ask ourselves: what information do we need to collect in order to do business? Companies are collecting information with impunity. If you are collecting that information, you need to be responsible for what you do with it.
  • Mobile software for tracking stolen devices and camera recovery, there’s always a trace
  • Passive Reconnaissance – it’s amazing how much information you can gather this way without touching the network. You can scan a network for vulnerabilities without touching it: just through DNS records you could map infrastructure and IP ranges, and harvest information through LinkedIn. From there, he could identify the technologies he would run into once inside the network.
  • Hackers involved in the Target breach – they did their homework, they could identify who their business partners were and send phishing emails
  • How can one map the network without touching it, inside the firewall?
  1. Identify the IP ranges they are dealing with
  2. Through DNS records - identify 3rd party vendors - HR Services, subdomains for special one off projects, marketing projects, Salesforce etc.
  3. Trusted business partners and vendors
  • Maltego - tool for open source intelligence gathering and threat intelligence integrations
  • Recommendations for a security beginner trying to understand the external view
  • Offensive security and penetration testing tools and training resources, videos and tools for open source intelligence gathering
  • Key points: awareness and security training in general
  • In security, we like to learn, that’s why we’re good at what we do and I think everyone in the business needs to take that on. Ignorance is no longer an excuse especially on the business side
  • We’re seeing a lot more boards care about security, investors and startups caring about security
  • Boards asking about cyber liability insurance
  • With cyber liability insurance there isn’t a lot of data; a lot of it is guessing, and with that, a lot of exclusions get included in these policies, especially now with the breaches
  • With the recent breaches we’ve seen, between Target and Sony, they’re seeing that the cost of a data breach is higher than originally thought once you start to think about lawsuits and identity theft insurance. Insurance companies are starting to put a cap on how much they’re liable for.
  • Need to secure your infrastructure before you get your cyber liability insurance
  • Marrying real security with compliance rules: configuration for compliance and real security.
  • Data Analytics - Security Analytics is key. Being able to correlate the data is the challenge to identify the real threat to the environment.
    • Starting to see more correlation between vendors, more open source for threat intelligence
  • Vendors bringing in data scientists with the data they collect and making it easier on the clients to identify anomalies and the signal to noise ratio
  • How does Ken see the space maturing to a point which is meaningful to a small to medium business? Tools such as OpenDNS take the complexity away from the business, but businesses can still leverage big data and threat intelligence. Larger businesses will have to have their own teams, and must make sure they identify what's happening in their own network.
  • STIX/TAXII integration – more and more vendors will start to use this and businesses need to ask their vendors if they are compliant with STIX and TAXII
  • A lot of industry clout with Soltra and FS-ISAC. Mitigate threats and share information. 46:36
  • The devil's in the data. Being able to make sense of the data; harvest the data. There is data there telling you a story, it's just a matter of you finding it.

This episode is sponsored by the CIO Scoreboard

All methods of how to access the show are below:

Leave a podcast review here

How do I leave a review?

Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT Business Leader. Follow Bill on LinkedIn and Twitter.

Dec 16, 2015

This episode is sponsored by the CIO Scoreboard

I have never been particularly impressed with people who achieve meteoric results in business if other areas of their lives are going in exactly the opposite direction or are stagnant. What good is it to satisfy shareholders if your kids see you rarely, or they see you but you are not present with them? Or you achieve business goals but skip exercise in your thirties because you feel that you can’t afford to take the time.

Since my twenties, my bigger fascination has been to find models of success that incorporate all areas of life (business, family, relationships, health and spirituality) as a vision of success. My interest has been to find and learn from well-rounded people who have a mission and focus on positive impact in all major areas of life. They are far more interesting and usually get great business results as well.

Notably, one of the patterns of highly self-actualized people that I have observed is that they have some combination of experts, trainers, coaches, thought leaders, mastermind groups, etc. around them to help them reach the highest levels of performance and to ‘be’ the best expressions of themselves in multiple areas of life.

Some Fortune 500 companies invest in Executive Coaches for top level executives in order to make sure that their investments in critical leaders and the teams and assets they lead are optimized for performance. There is quite a lot riding on peak performance. The better a corporate leader performs, the better the company does. It is quite simple. Leaders need coaches just like athletes.

I asked myself - what do top Executive Coaches do with their clients to achieve great results? I wanted to know so I asked Gail.

Gail is super impressive. She has been working with top leaders of American businesses now for the better part of 25+ years in the areas of Executive Leadership Development, Lifestyle Management, Wellness, Succession Planning, and Strategic Business Planning. She is one of the best at optimizing business executives in all areas of life.

Her level of professionalism and insight is off the chart. I stumbled upon her while reading her gem of a book All Together Now: Vision, Leadership, and Wellness and as a result reached out to her, since I couldn’t stop taking notes as I read it. She approaches business and personal performance as one and the same and believes they are intricately linked.

I am on a mission to get you to operate at the highest levels you can in all areas of life. In this episode we discuss:

  1. The force multiplying power of integrating vision, leadership and wellness at a corporate and personal level.
  2. The importance of high degrees of executive self-awareness so you can be observant of how your behavior impacts others.
  3. The impact of clarity and vision within an executive’s company and family.
  4. We explore asking yourself the question “Why?” and how doing so develops clarity around a vision.
  5. Why the biggest hurdle for IT leaders is emotional intelligence (EQ).
  6. Why being proactive with our own health is imperative and what to ask yourself in order to prepare for a doctor visit.
  7. The importance of meditation, mindfulness and forgiveness and how learning these skills can help access reserves of resilience.

Gail Voisin is the CEO of her coaching and consulting practice in Toronto, Canada. She is an international Executive Coach and trusted advisor to corporate executives in North America and globally, and the author of The All Together Now Advantage™. With her unique background and combination of skills, she integrates and links Vision, Leadership and Wellness to strategic plans and organizational objectives to measure Return On Investment (ROI).

How to get in touch with Gail:

Website

LinkedIn

All Together Now: Vision, Leadership, and Wellness

Resources Mentioned:

Summarized Show Notes:

  • The genesis of Gail bringing health and wellness into corporate strategy, and the key breakthroughs. While working for a Fortune 1000 company (hiring staff across the business), she saw staff working long hours with no place to exercise, while at the same time women in the test kitchen were gaining weight from taste testing. Gail became a pioneer: she convinced the president to let them study fitness. At the time many executives were skeptical and asked, “What does fitness have to do with productivity?” Healthier employees brought improvements in productivity and processes. Wellness and health are critical aspects of success.
  • Gail has worked with executives in top companies in North America. What is a business executive coach? A coach works with executives on vision, leadership and wellness and integrates these into their business plans, to maximize performance while achieving balance and wellness in their lives. Why is she so successful? She has developed an integrated solution with a compelling brand: a value-added coaching approach that works. The profound power lies in integrating vision, leadership and wellness; the integration piece is what makes it powerful.
  • The new global world has many challenges for a CEO and requires a unique set of skills: accomplishing more while expending less energy. To be highly successful, an executive needs a high level of self-awareness and an understanding of how their behavior impacts others.
  • Details of coaching: what does the structure look like? The mechanics of a coaching relationship at the highest level. There has to be chemistry, and the initial meetings have to be face to face.
  • Do people approach coaching out of a high degree of motivation, or because companies mandate it?
  • IT leaders face unique challenges. Why is connecting with a personal vision so important? The vision needs to be so clear and laser-focused that your passion is ignited. Values are the foundation for the vision.
  • The more you explore the WHY, the more clarity you develop around your personal vision. A purpose for living ignites passion. The personal vision has to be in line with the corporate vision.
  • Leadership programs linked to neuroscience: that’s where the future is going.
  • Bringing the whole individual to bear on their life rather than segmenting it.
  • There are six key leadership competencies:
  1. strategic thinking,
  2. communication,
  3. emotional intelligence,
  4. negotiation and conflict management,
  5. managing energy and time,
  6. mastering lifestyle management and overall wellness.
  • The biggest hurdle for IT executives is communication skills and Emotional Intelligence (EQ). Most IT executives are extremely bright with good intentions, but their natural strengths lie on the technical side of the business rather than on communication and emotional intelligence. In other words, the IT skills come more naturally to them than to others, while the softer interpersonal and communication skills are more of a challenge. The same is true of engineers.
  • IT executives have so much to contribute to the organization, so when these competencies are enhanced, it takes the organization to a whole new level.
  • When an executive can use their logical and analytical business sense alongside a highly developed EQ, they are much more likely to achieve extraordinary success. If an executive's EQ is low, it is a distinct disadvantage. You can't improve IQ, but you can improve EQ.
  • Results are not only life changing to executives, but to the families around the individual.
  • Demonstrating the link: EQ has a direct impact on work, but also on the spouse and children.
  • How an executive should approach health in general. You need to be an advocate for your own health; your health is your wealth. The healthier you are, the more productive you can be. Stay connected in your community and network to find out what is available.
  • The concept and power of mindfulness, meditation and forgiveness. Forgiveness first: as an IT executive you can be blamed for things that go wrong. When things go well it is silent, and when they don’t, everyone hears about it.
  • Forgiveness, just like meditation, is becoming more and more important for people to understand.
  • It is important not to be so hard on ourselves. "Big part of forgiveness is key to our health". Dr Bernard Jensen: "Forgive others who offended, and say I'm going to love you whether you like it or not." William Dyer: "Who am I to judge you or anyone? Given the conditions of your life, you did what you knew how to do. You can’t ask anymore of anyone."
  • Meditation and Mindfulness: Jon Kabat-Zinn, PhD, and MBSR (mindfulness-based stress reduction). Meditation is the practice and process of paying attention and focusing your awareness. Over the past 20 years a slow shift has been happening and meditation is becoming more popular. In the past, executives turned to meditation only to overcome a crisis; the goal is to change the perception of meditation in the corporate world. There are different types for different executives, depending on their needs. Mindfulness is being present in the moment, and can be very helpful for connecting to what is happening.
  • Practical mindfulness can be practiced in everyday life. Practice mindfulness while you wait, whether in a line or stuck in traffic. Mindfulness and meditation can help IT executives access their reserve of resilience.
  • It’s not a competition, it’s a journey. The mind gets triggered into the fight-or-flight response. If we can’t establish dominion over the world, it will affect our health.

This episode is sponsored by the CIO Scoreboard

 

All methods of how to access the show are below:

Leave a podcast review here

How do I leave a review?

Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT Business Leader. Follow Bill on LinkedIn and Twitter. Subscribe below for weekly podcast, CIO Mastermind and CISO Mastermind updates delivered to your inbox easily and effortlessly.

Dec 2, 2015

This episode is sponsored by the CIO Scoreboard

In this episode I interviewed Tyler Cohen Wood, who has an impressive amount of experience in cybersecurity and digital forensics, and who has worked with the White House, the Department of Defense, the Intelligence Community, federal law enforcement and even NASA.

In our discussion on security we talk about the protections available on social media, the different types of cookies, and how to ensure you are protecting yourself and your family as much as possible. Read on as we discuss the following important points:

  • The best protection is knowledge of how things work
  • Super cookies, zombie cookies, flash cookies
  • The importance of turning off Exif data on photos that will be uploaded to social media sites
  • Downloading Apps - Understanding what you are doing and what you are potentially giving away to companies
  • How do others perceive you online? How to research yourself online and see how others perceive you
  • Be aware of your individual personal “brand”
  • Executive Travel - posting your travel plans and location of working from home or working from a coffee shop
  • How to understand online deception and vet people.
  • How to become a human lie detector with statement analysis
  • Teach your kids how to use a checklist to keep themselves safe online

As a business leader who wants to be fluent on the impact of current privacy and security challenges, you will find Tyler’s message educational for the personal, work, and family areas of your life.

Tyler Cohen Wood is an expert in social media and cyber issues. She was a senior officer, Senior Leader and Cyber Branch Chief for the Defense Intelligence Agency (DIA) within the Department of Defense (DoD), where she made decisions and recommendations that significantly changed, interpreted, and developed cyber policies and programs affecting current and future DoD and Intelligence Community policies. She previously worked for the Department of Defense Cyber Crime Center as a senior digital forensic analyst, using her expertise in intrusion, malware analysis, and major crimes to bring about many successful prosecutions. Before joining the DoD Cyber Crime Center, she was employed at IBM and NASA as a senior forensic analyst.

She wrote the book Catching the Catfishers, where she explores the digital footprints that we all leave behind, whether we realize it or not. The book sheds light on a comprehensive set of online security components and teaches readers how to best protect their personal information from being put out and circulated on the web. She co-authored the textbook Alternate Data Storage Forensics and was featured in Best Damn Cybercrime and Digital Forensics Book Period.

How to contact Tyler:

Website

LinkedIn

Twitter

Facebook

You Tube

Vimeo

Books:

Catching The Catfishers: Disarm the Online Pretenders, Predators and Perpetrators Who Are Out To Ruin Your Life

Alternate Data Storage Forensics

Resources Mentioned:

Spokeo

EU regulations

Rogue Base stations

Stingray

Statement Analysis

Exif Data

Cyber Dust

Summarized Show Notes:

  • “The best protection is knowledge of how things work”. You don’t have to become a coder, but think outside the box about how things can be a threat to you, your family and your corporation.
  • Understanding the impact of a company like Spokeo. Thoughts on personal privacy: do we have any anymore? Even if you never go on social media or use a smartphone, other people are posting things about you, so you have a digital presence. When you read the terms of service of an app, it will tell you what it is collecting and how it is collecting it.
  • We should try to secure companies that hold data the way Spokeo does. The book is about what we can do individually to take control. EU regulations: it will be interesting to see what happens and how companies work around them.
  • Photos, and the privacy takeaways around them. Exif data embedded in a photo can pinpoint the exact geographic location where it was taken. When you are dealing with a predator after your child, you don’t want that much information being taken from your child’s photos. The bad guys are really good at what they do. But you can turn it off: disable location tagging in the camera app, or strip the Exif block from the file before sharing it. Most large social networks strip Exif on upload, but a file you send directly by email or messaging keeps it.
  • Knowledge is empowerment. Understand what you are doing and what you are potentially giving away to companies; then you can decide what you want to do.
  • Cookies, and obscuring identity through proxy systems. Super cookies, zombie cookies and Flash cookies. Ordinary cookies have a standard format and you can delete them; they are usually used to auto-login to a site. But companies are getting smarter and using zombie cookies that are harder to remove, to find out more about you in order to sell you things. (A Flash cookie is a Local Shared Object kept by the Flash plugin outside the browser’s cookie store, so clearing browser cookies leaves it behind; a zombie cookie uses a copy like that to recreate the HTTP cookie after you delete it.) Things you can do to protect yourself: don’t use the apps as much, use the websites instead. Sometimes the cookies are polymorphic.
  • Insurance companies and health companies are building profiles on us with automated tools; powerful tools that build up a story about us online. Sometimes people are realistic about who they are on social media, sometimes not. The IRS is utilizing this technology too. This is material we have chosen to put out. Look at your posts from the perspective of an HR person trying to find out about you: you might learn a lot about who you are. Even if you never post, the posts you like tell a lot about who you are.
  • How do we assert some sovereignty over our life? What would an observer see about us? Research yourself online. Privacy settings sometimes change. Do you want employers and a bunch of strangers seeing this? It’s a perception, and perceptions become reality.
  • Think of it as your brand, including when you post about your children and how they are doing. Privacy settings can and will change, so something you think is private today might someday be available to college boards or recruiters. Set up a private group if you want to talk to a private group.
  • As an executive, your address is very easy to find, which makes it very easy to set up something like a man-in-the-middle attack targeting you specifically. A rogue base station (Stingray, IMSI catcher) presents the strongest signal in an area, say a coffee shop, so your phone attaches to it instead of the real provider’s tower, and your traffic passes through the rogue station. Its operator can push malware disguised as an update that gives them control of your device, and can learn your pattern of life.
  • Catching the Catfisher - what does it mean? What is purpose of the book? Teach people how to understand Wild West domain and empower themselves in ways that are easy to understand. To read deception in the online domain. Understand if those you are talking to are really who they say they are.
  • Value in the book from purely understanding deception and becoming a human lie detector. Statement analysis. Deception techniques are important.
  • Having a checklist is a way to engage your kids in the security instead of them feeling attacked
  • Browsers can take control – Tyler personally uses Chrome. Added security features. Depends on what you want to use.
  • Instant messaging: Cyber Dust. The content of a message versus its transport. Cyber Dust messages disappear, but if a message traverses a network that keeps those packets it can always be reconstituted. There are also low-tech defeats of high-tech controls: someone can take a photograph of what you sent and pass it around.
  • As society we have to be aware of what we are putting out there because we don’t know where we’ll be 5-10 years from now.
  • If there’s something that you want to do, don’t let anybody tell you that you can’t. If there’s something you want to do and you know it’s right, go for it, because you can do it.
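The Exif point in the notes above is worth a concrete check. The script below is an added example, not code from the episode or from Tyler’s book: it walks the JPEG marker structure, reports whether the Exif block’s IFD0 carries a GPS sub-IFD pointer (tag 0x8825, the standard Exif tag), and rebuilds the file without the Exif APP1 segment. The sample file is constructed inline (a JFIF header, an Exif block with one GPS entry, an SOS header and two bytes of fake scan data) and is not a decodable image; the function names and the sample are the editor’s assumptions.

```python
import struct

# JPEG marker bytes (each follows a 0xFF in the file)
SOI, EOI, SOS, APP0, APP1 = 0xD8, 0xD9, 0xDA, 0xE0, 0xE1
EXIF_PREFIX = b"Exif\x00\x00"   # APP1 payloads carrying Exif start with this
GPS_IFD_TAG = 0x8825            # IFD0 tag that points at the GPS sub-IFD


def split_segments(data):
    """Walk the marker segments of a JPEG up to and including the SOS header.
    Returns ([(marker, payload), ...], trailing), where trailing is the
    entropy-coded scan data through EOI, which we copy but never parse.
    Assumes no fill bytes (extra 0xFF) between segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    segments, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt marker at offset %d" % pos)
        marker = data[pos + 1]
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # counts its own 2 bytes
        segments.append((marker, data[pos + 4:pos + 2 + length]))
        pos += 2 + length
        if marker == SOS:
            break
    return segments, data[pos:]


def ifd0_tags(tiff):
    """Return the set of tag numbers in IFD0 of a TIFF-structured Exif payload."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None:
        raise ValueError("bad TIFF byte-order mark")
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")
    count = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])[0]
    # each IFD entry is 12 bytes: tag(2) type(2) count(4) value/offset(4)
    return {struct.unpack(order + "H", tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i])[0]
            for i in range(count)}


def exif_has_gps(data):
    """True if the JPEG carries an Exif block whose IFD0 points at a GPS sub-IFD."""
    for marker, payload in split_segments(data)[0]:
        if marker == APP1 and payload.startswith(EXIF_PREFIX):
            return GPS_IFD_TAG in ifd0_tags(payload[len(EXIF_PREFIX):])
    return False


def strip_exif(data):
    """Rebuild the JPEG without any Exif APP1 segment. Other segments (JFIF,
    tables, SOS) and the scan data are copied verbatim, so the image is unchanged."""
    segments, trailing = split_segments(data)
    out = bytearray(b"\xff\xd8")
    for marker, payload in segments:
        if marker == APP1 and payload.startswith(EXIF_PREFIX):
            continue  # drops camera model, timestamps, GPS IFD, embedded thumbnail
        out += bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload
    return bytes(out + trailing)


def _constructed_sample():
    """Constructed sample (not a real photo): IFD0 holds one entry, the GPS IFD
    pointer; the GPS IFD at offset 26 holds GPSLatitudeRef = "N"."""
    e = "<"  # little-endian TIFF ("II")
    tiff = b"II" + struct.pack(e + "HI", 42, 8)                      # header, IFD0 at 8
    tiff += struct.pack(e + "H", 1)                                   # IFD0: 1 entry
    tiff += struct.pack(e + "HHII", GPS_IFD_TAG, 4, 1, 26)            # LONG -> GPS IFD at 26
    tiff += struct.pack(e + "I", 0)                                   # no next IFD
    tiff += struct.pack(e + "H", 1)                                   # GPS IFD: 1 entry
    tiff += struct.pack(e + "HHI", 0x0001, 2, 2) + b"N\x00\x00\x00"   # GPSLatitudeRef "N"
    tiff += struct.pack(e + "I", 0)

    def seg(marker, payload):
        return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

    return (b"\xff\xd8"
            + seg(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(APP1, EXIF_PREFIX + tiff)
            + seg(SOS, b"\x01\x01\x00\x00\x3f\x00")
            + b"\x12\x34" + b"\xff\xd9")


SAMPLE_JPEG = _constructed_sample()

if __name__ == "__main__":
    print("GPS tag present before:", exif_has_gps(SAMPLE_JPEG))   # True
    cleaned = strip_exif(SAMPLE_JPEG)
    print("GPS tag present after: ", exif_has_gps(cleaned))       # False
    print("bytes removed:", len(SAMPLE_JPEG) - len(cleaned))      # 54
```

In day-to-day use you would turn off location tagging in the camera app or run `exiftool -all= photo.jpg`; the script shows what that actually removes and doubles as a check on files you receive. Stripping Exif does nothing about location leaked by the photo’s content itself, such as street signs or the view from a window.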
