Today, my guest is Roger Grimes.
Roger's expertise in the field of computer security is unparalleled. He describes himself as the best in the world when it comes to computer security defense- and he has the credentials to back up this assertion.
He works with Kevin Mitnick who he calls the best Offensive Security guy in the world, but he calls himself the best when it comes to Defense.
As all of you know by now I love Offense and Defense Innovation so this interview falls squarely into the category of Defense Innovation for sure.
With more than 40 computer certifications and twelve books authored or (Co-authored) on computer security, Roger has spent over three decades imparting his knowledge to audiences worldwide.
His current title is Data-Driven Defense Evangelist at KnowBe4. He is the author of the new book, Hacking Multifactor Authentication.
Roger is a 33-year senior computer security architect and cybersecurity veteran specializing in general computer security, identity management, PKI, Windows computer security, host security, cloud security, honeypots, APT, and defending against hackers and malware. He has worked at some of the world's largest computer security companies, including Foundstone, McAfee, and Microsoft.
In this time of remote workforces and distributed endpoints, Roger advocates for Multi-Factor Authentication. However, MFA is not the end all be all for security. The vast majority of hacking doesn't care about your MFA. It's all about reducing your risk, according to Roger.
Throughout his many years in the industry, Roger a universal mission that drives all of his actions- to make the internet a safer place. Roger says if he leaves the Earth without accomplishing that feat, he has failed.
I also provide how you can connect with him on Linkedin. He has over 25k followers.
We've been sold by the industry that MFA is a Warm Blanky and Panacea for all security ills.
Learn more deeply about this topic as it is critical to your distributed security architectures moving forward
I'm excited to share this conversation with such a distinguished and world-renowned Security Defense Specialist.
Here are useful topics, books, and resources discussed and what you will learn as you listen:
Why most companies today fail in risk-based security and how to avoid the most common pitfalls.
The benefits of enabling application control software like AppLocker in audit only mode.
Why assuming just because you have MFA that you can't be hacked is false and how smart application of MFA will reduce your risk of getting hacked.
Why push applications like FIDO are more effective than SMS-based multi-factor authentication.
The highest risk areas CIO's and CISO's need to avoid falling into when dealing with MFA.
Why MFA and other security measures like it are all about reducing your risk instead of eliminating it completely.
How to Connect with this Guest:
Technologies referenced in podcast:
Troy Hunt’s “Have I Been Pwned?”
Kevin Mitnick's “Mitnick Security”
FIDO Alliance Framework
Books Published by Roger A. Grimes Referenced in Podcast:
Hacking Multifactor Authentication , 1st Edition, By Roger A. Grimes. Published by Wiley, 2020
A Data-Driven Computer Security Defense: THE Computer Security Defense You Should Be Using, 1st Edition, By Roger A. Grimes, Published Independently, 2017
You can go to the show notes to get more information about this interview and what we discussed in this episode. You'll find the show notes at redzonetech.net/podcasts.
Leave A Review:
Love this episode? Share it with your LinkedIn community here.
If you haven't already, please make sure you leave us a review on iTunes or Stitcher. Not sure how to leave a review? Check out the instructions here.
About Bill Murphy:
Bill Murphy is a world-renowned IT Security Expert dedicated to your success as an IT business leader.
Follow Bill on LinkedIn and Twitter.
If you are interested in learning more about RedZone and our security expertise in particular related to Cloud and Email Security Kill Chain Strategy, Techniques, and Tactics you can email email@example.com.
Music provided by Ben's Sound: http://www.bensound.com/