Showing episodes and shows of GISF
Shows
Certified: The GIAC GISF Audio Course
Welcome to the GIAC GISF Audio Course
If cybersecurity feels important but confusing, you’re not alone—and you don’t need a computer science degree to get traction. Certified: The ISACA GISF Audio Course is built for busy people who want a clear, practical foundation and a confident path into the GISF certification. In about a minute at a time, you’ll learn how threats actually unfold, how risk gets discussed and measured, and which controls reduce real exposure—identity and access, segmentation, patching, secure configuration, logging, and incident basics. This isn’t a glossary readout. It’s an audio-first course designed for commutes and short breaks...
2026-02-15
00 min
Certified: The GIAC GISF Audio Course
Episode 62 — Exam Acronyms: High-Yield Audio Reference for the GISF Blueprint
Building acronym fluency is a primary requirement for navigating the GISF blueprint, and this episode serves as a high-yield audio reference for the most common shorthand used in the exam. We cover identity acronyms like MFA, IAM, and RBAC, as well as networking fundamentals including DNS, DHCP, TCP, and UDP. The discussion extends to cryptographic terms like PKI and CA, explaining how they enable digital trust, and monitoring acronyms like SIEM, EDR, and NDR. You will practice quick recall drills—hearing an acronym and providing its meaning and a practical use case—to build the professional instincts needed for the...
2026-02-14
10 min
Certified: The GIAC GISF Audio Course
Episode 20 — Grasp IP Addressing and Routing Paths in Foundations of Network Communication
This episode explores the technical mechanics of IP addressing and the routing paths that allow data to navigate the global network infrastructure. We define the structure of IPv4 and IPv6 addresses, explaining the role of the subnet mask in dividing a network into smaller, manageable segments. You will learn how a router uses its routing table to make high-speed decisions about the "next hop" for a packet, ensuring it reaches its final destination across multiple network boundaries. The GISF exam requires a solid understanding of the difference between public and private IP addresses and how Network Address Translation (NAT...
2026-02-14
00 min
Certified: The GIAC GISF Audio Course
Episode 19 — Build a Mental Model of OSI and TCP IP Data Flow
Understanding how data flows through a network is a fundamental requirement of the GISF blueprint, and this episode focuses on building a clear mental model using the OSI and TCP/IP models. We deconstruct the seven layers of the OSI model—from the Physical layer to the Application layer—explaining the specific role and protocol found at each level. The discussion compares this to the four-layer TCP/IP model, clarifying how data is encapsulated as it moves down the stack and de-encapsulated as it moves up. You will learn about the critical functions of common protocols like IP, TCP, and...
2026-02-14
12 min
Certified: The GIAC GISF Audio Course
Episode 18 — Spaced Retrieval: Cryptography and Digital Trust Concepts You Must Recall
This rapid recall session is dedicated to reinforcing your understanding of the complex cryptographic and digital trust concepts required for the GISF exam. We move through a spoken drill that challenges you to define the differences between symmetric and asymmetric encryption and to explain how digital signatures provide non-repudiation. This session acts as a mental bridge, ensuring that the technical details of PKI, hashing, and key management move into your long-term memory. We practice identifying the correct algorithm for specific use cases, such as using AES for file encryption or RSA for initial key exchange. By actively retrieving this...
2026-02-14
11 min
Certified: The GIAC GISF Audio Course
Episode 17 — Demystify Certificates, PKI, and Trust Chains that Power Secure Communication
The Public Key Infrastructure (PKI) acts as the trust engine of the digital world, and this episode demystifies the certificates and trust chains that secure our online interactions. We define a digital certificate as a technical document that binds a public key to a specific identity, and we explain the role of the Certificate Authority (CA) as the trusted third party that signs these documents. You will learn how your browser uses a "trust chain" to verify that a website’s certificate was issued by a legitimate CA found in your local root store. On the GISF exam, you mu...
2026-02-14
11 min
Certified: The GIAC GISF Audio Course
Episode 16 — Understand Asymmetric Crypto, Key Pairs, and Digital Signatures for Trust
Asymmetric cryptography solves the key distribution problem through the use of mathematically linked public and private key pairs, a concept we explore in-depth in this episode. We explain how data encrypted with a public key can only be decrypted by the corresponding private key, enabling secure communication between parties who have never met. The discussion expands into digital signatures, which provide both integrity and non-repudiation by proving that a message was sent by a specific identity and was not modified in transit. You will learn about foundational algorithms like RSA and Elliptic Curve Cryptography (ECC), which power the modern...
2026-02-14
10 min
Certified: The GIAC GISF Audio Course
Episode 15 — Explain Hashing, Integrity, and Secure Password Storage in Digital Trust
This episode deconstructs the role of hashing in ensuring data integrity and the critical methods for secure password storage in a modern infrastructure. We define a hash function as a "one-way" mathematical algorithm that produces a unique, fixed-length string of data, explaining why it is impossible to reverse-engineer the original input from the resulting hash. On the GISF exam, you must understand how hashing provides integrity by alerting you to any unauthorized changes in a file or message. We explore the importance of salting passwords—adding a random string before hashing—to protect against precomputed rainbow table attacks. Common algo...
2026-02-14
10 min
Certified: The GIAC GISF Audio Course
Episode 14 — Master Symmetric Encryption Basics for Foundations of Cryptography and Digital Trust
Symmetric encryption is a cornerstone of high-speed data protection, and this episode provides a detailed exploration of its mechanics and professional application. We define symmetric cryptography as a system where the same secret key is used for both encryption and decryption, highlighting its efficiency for protecting large volumes of data at rest. You will learn about common algorithms such as the Advanced Encryption Standard (AES) and the deprecated Data Encryption Standard (DES), understanding why AES is the current industry gold standard. The GISF exam requires a clear understanding of the "key distribution problem," where securely sharing the secret key...
2026-02-14
12 min
Certified: The GIAC GISF Audio Course
Episode 13 — Spaced Retrieval: Cyber Risk, Governance, Compliance, and Ethics Memory Sprint
This episode utilizes a rapid-fire spaced retrieval format to solidify your knowledge of cyber risk, governance, compliance, and professional ethics. We move through a series of spoken prompts designed to test your recall of previous concepts, such as the difference between policies and standards or the primary goals of regulatory drivers like HIPAA. This "memory sprint" is a critical component of the GISF study plan, as it helps identify areas where your understanding may be weak before moving on to the more technical domains. We practice applying ethical canons to hypothetical scenarios and choosing the correct risk treatment for...
2026-02-14
10 min
Certified: The GIAC GISF Audio Course
Episode 12 — Apply Ethics and Professional Judgment When Security Decisions Get Messy
Security professionals are often placed in positions of immense trust, and this episode focuses on applying ethics and professional judgment during complex decision-making scenarios. We discuss the (ISC)² Code of Ethics and similar professional standards as a compass for navigating conflicts of interest or the discovery of sensitive information. The GISF exam frequently tests your ability to choose the most ethical path, such as reporting a colleague's violation or disclosing a vulnerability according to responsible disclosure guidelines. We examine the importance of integrity and objectivity, emphasizing that a practitioner’s reputation is their most valuable asset in the field. Pra...
2026-02-14
11 min
Certified: The GIAC GISF Audio Course
Episode 11 — Navigate Laws, Regulations, and Compliance Drivers that Shape Cyber Risk
This episode explores the complex landscape of legal and regulatory requirements that define the boundaries of modern cybersecurity risk management. We examine the critical distinction between mandatory compliance and actual security, highlighting how drivers like the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) influence organizational policy. On the GISF exam, you must be able to identify which laws apply to specific types of data, such as financial records or personally identifiable information (PII). We discuss the professional concepts of due diligence and due care, explaining how these legal standards govern the actions...
2026-02-14
12 min
Certified: The GIAC GISF Audio Course
Episode 10 — Use Cyber Risk Frameworks to Align Security Work to Business Goals
Standardized frameworks provide the professional structure needed to align security operations with overarching business goals, and this episode introduces the primary models used in the industry today. We examine how frameworks like NIST Cybersecurity Framework, ISO 27001, and the CIS Critical Security Controls provide a common language and a repeatable methodology for managing cyber risk. The discussion highlights how these models help organizations identify their current security posture, define a desired future state, and track progress over time. We explain why using a recognized framework is essential for meeting the legal and regulatory compliance requirements we will explore in the...
2026-02-14
11 min
Certified: The GIAC GISF Audio Course
Episode 9 — Manage and Mitigate Cyber Risk with Practical Control Prioritization
In this episode, we move from the theory of risk to the practical reality of management and mitigation through structured control prioritization. We explore how to evaluate a long list of vulnerabilities and decide which ones require immediate technical intervention based on their potential impact on the organization's mission. The discussion introduces the concept of "defense-in-depth," where multiple layers of technical, administrative, and physical controls are used to create a resilient defensive posture. We examine best practices for choosing controls that provide the highest risk reduction for the lowest cost, ensuring that your security program is both effective and...
2026-02-14
12 min
Certified: The GIAC GISF Audio Course
Episode 8 — Spaced Retrieval: Foundations of Cybersecurity and Risk Fundamentals Rapid Recall
This high-intensity episode is designed to lock in your understanding of cybersecurity foundations and risk management through a rapid-fire spaced retrieval drill. We revisit the core definitions of the CIA Triad, the asset-threat-vulnerability-control mapping, and the primary risk treatment strategies discussed in previous sessions. This active recall exercise forces you to retrieve information from memory without the aid of notes, simulating the pressure of the testing environment and identifying any lingering gaps in your logic. We move through scenario-based prompts that require you to choose the most appropriate risk treatment or define the impact of a specific security failure...
2026-02-14
10 min
Certified: The GIAC GISF Audio Course
Episode 7 — Translate Security Policies, Standards, and Procedures into Everyday Cybersecurity Actions
The hierarchy of security documentation forms the operational backbone of a mature program, and this episode explains how to translate policies, standards, and procedures into daily professional actions. We define policies as high-level statements of intent, standards as the mandatory technical requirements used to achieve those policies, and procedures as the step-by-step instructions for implementation. This episode highlights the importance of guidelines as optional but recommended best practices that provide flexibility in diverse environments. We examine how these documents work together to ensure consistency and accountability across the enterprise, preventing the "ad-hoc" security failures that lead to breaches. For...
2026-02-14
12 min
Certified: The GIAC GISF Audio Course
Episode 5 — Map Assets, Threats, Vulnerabilities, and Controls with Foundations of Cybersecurity
Mastering the relationship between assets, threats, vulnerabilities, and controls is a central requirement of the GISF blueprint, and this episode provides a clinical breakdown of these four pillars. We define an asset as anything of value to the organization and a threat as any potential event that could harm that asset. Vulnerabilities are characterized as specific weaknesses that a threat can exploit, while controls are the technical or administrative measures implemented to mitigate that risk. This episode uses practical scenarios to illustrate how these components interact, such as a server (asset) with an unpatched bug (vulnerability) being targeted by...
2026-02-14
11 min
Certified: The GIAC GISF Audio Course
Episode 3 — Build a Spoken GISF Study Plan Using Spaced Recall and Indexing
Success on the GISF exam requires a disciplined approach to information retention, and this episode focuses on building a study plan centered on spaced recall and effective indexing. We explore the cognitive science behind spaced repetition, which involves revisiting key concepts at increasing intervals to move information into long-term memory. The episode provides a detailed walkthrough of creating a custom exam index, a vital tool for the open-book format that allows you to map technical terms to specific page numbers for rapid retrieval. We discuss how to balance active study sessions with practical drills, ensuring that you are not...
2026-02-14
12 min
Certified: The GIAC GISF Audio Course
Episode 2 — Know the Rules: Proctoring, Open-Book Boundaries, and Allowed Resources
Navigating the administrative rules of the GISF exam is just as important as mastering the technical domains, as violations can lead to immediate disqualification. This episode clarifies the boundaries of the open-book format, explaining exactly what types of physical resources, such as personal indices and course books, are permitted in the testing center. We describe the role of the proctor in maintaining exam integrity and the specific environment requirements for both in-person and remote testing sessions. A core concept discussed is the prohibition of digital devices and the strict rules against copying or sharing exam content. Best practices include...
2026-02-14
13 min
Certified: The GIAC GISF Audio Course
Episode 1 — Orient to GISF Exam Structure, Scoring, Timing, and Question Style
This introductory episode provides a comprehensive orientation to the Global Information Assurance Certification Security Fundamentals (GISF) exam, establishing the baseline for your certification journey. We examine the specific anatomy of the test, including the total number of questions, the passing score threshold, and the time management strategies required to navigate the session effectively. Understanding the question style—which often focuses on practical application rather than just rote memorization—is critical for professional success. We discuss the importance of the GSEC-lite nature of this exam, highlighting how it serves as a broad foundation for entry-level practitioners and seasoned professionals alike. Cand...
2026-02-14
14 min
African Currents
How Ghana Combats Rising Internet Safety Threats to Protect Children
Recent studies show an uptick in digital engagement among African youth, with internet usage rates varying significantly across the continent. In Eastern and Southern Africa, over half (65 percent) of children aged 12-17 have accessed the internet in the past three months, though this figure ranges from just 25 percent in Ethiopia to a staggering 81 percent in Namibia, according to Safe Online. In response, organizations like the Ghana Internet Safety Foundation (GISF) are tackling these challenges head-on, offering education and advocacy to protect children online.
2025-03-31
31 min
The GISF Podcast - Global Interagency Security Forum
GISF in Lebanon: coordinating security amidst crisis
In this latest episode, Matt Stockton (GISF’s Technical Security Risk Management Lead), joins Emily Wright (GISF’s Research Officer) for a frank conversation on the successes and learnings from his recent mission in the Middle East. Matt spent several weeks in Jordan and Lebanon during the Israel-Hezbollah conflict. During his time in the region, Matt was seconded to LHIF – the Lebanon Humanitarian INGO Forum. Working closely with the Forum, Matt helped to improve security coordination and training in the region, to protect aid workers during a moment of heightened risk and uncertainty. Matt was also supp...
2025-01-22
25 min
The GISF Podcast - Global Interagency Security Forum
Navigating Leadership in Humanitarian Security
In this latest episode, Tara Arthur sits down with Lucy Ellis from The Ready to talk about leadership in security risk management. Lucy discusses the skills and qualities that make a good leader, some of the challenges they face, and how engaging in ego-work can help leaders grow. She also shares practical insights on how to engage senior leaders effectively, build trusted relationships, and foster a collaborative approach to security risk management.
2024-10-28
43 min
The GISF Podcast - Global Interagency Security Forum
New Challenges, New Solutions: Rethinking Security
In this latest episode, Tara Arthur sits down with Ebe Brons, founder and CEO of the Centre for Safety and Development (CSD). Ebe recently wrote an interesting blog for GISF on enhancing humanitarian logos. This episode explores the proposal in more depth. Ebe shares his inspiration behind the idea and discusses some of the key debates and arguments surrounding it. He also touches on modern warfare and future training needs for NGOs. You can access all the episodes from the series here: https://gisf.ngo/resource/gisf-podcas...
2024-09-25
37 min
The GISF Podcast - Global Interagency Security Forum
State of Practice: The Evolution of Security Risk Management in the Humanitarian Space
Co-authored by GISF and Humanitarian Outcomes, the State of Practice report provides a global review of humanitarian security risk management, highlighting key developments in recent years. In this episode, we are joined by one of the lead authors, Abby Stoddard. Abby discusses the motivations behind the report, the process of its creation, and the key findings. She also delves into the evolving SRM landscape, including advancements in SRM coordination and the disparity between local and international actors.
2024-08-05
46 min
Fresh Humanitarian Perspectives
Building effective humanitarian learning communities
How can we harness the power of communities and networks as tools for humanitarian learning? In this podcast episode, Esther Grieder (the HLA's Global Communities and Partnerships Lead), leads a deep dive discussion with three seasoned community builders from Ghana, Nigeria and the UK to share and compare professional experiences. Tune in to hear insightful learnings and reflections from Esther and guests Ese Emerhi (Global Network Weaver for Global Fund for Community Foundations), Jon Novakovic (Executive Director for Global Inter-agency Security Forum – GISF), an...
2024-06-14
56 min
The GISF Podcast - Global Interagency Security Forum
The Intersection of Technology and Human Security
About this Episode: In this Episode, we are joined by Ziad Al Achkar, Ph.D. Candidate and Researcher at the Carter school for peace and conflict resolution to discuss his research that focuses on the use of digital technologies and remote sensing by humanitarian and peacebuilding organisations. Ziad shares his insights on the trending technologies we need to know about in the sector, key areas of humanitarian technologies that security staff should focus on that can help keep aid workers safe, as well as opportunities to better bridge the divide between IT security experts...
2023-05-25
42 min
The GISF Podcast - Global Interagency Security Forum
Humanitarian Notification Systems: unpacking the complexities and possibilities
About this Episode: 'Humanitarians operating in conflict settings seek to cultivate relationships with armed actors to enable humanitarian access, mitigate humanitarian insecurity, and promote civilian protection'. In this episode, Rob Grace delves into some of the operational challenges of humanitarian notifications systems (HNS) and their effectiveness by providing a historical overview and discussing how we may see humanitarian organisations use these systems in the future. You will also hear about Rob’s interesting journey that led him to explore HNS. ‘For the purposes of this conversation, humanitarian notification systems are ...
2023-04-27
36 min
The GISF Podcast - Global Interagency Security Forum
Reflections from GISF's Executive Director: 10 years with GISF
About this Episode: As GISF’s Executive Director Lisa Reilly bids farewell to GISF and moves onto the next chapter of her career, she reflects on her experiences in the humanitarian and security sector. From the critical need for inclusivity and a person-centered approach to security, to breaking down silos across departments and the changing expectation/requirements of what it means to be a security manager, this episode unpacks how the security and humanitarian sector has evolved throughout her career. In this episode, Lisa Reilly reflects on her journey that led her to become GISF’s Exec...
2023-03-30
36 min
The Well Woman Show
311 Future Women: Developing Girls' Inherent Strengths with Kim Brown
On the Well Woman Show this week, we're sharing the full interview with Kim Brown. Kim has over 20 years of non-profit experience with a focus on educating and empowering girls and young women. She has transformed Girls Inc. of Santa Fe into a trusted organization that provides high-quality, intentional, and effective programs with highly impactful outcomes. Kim has built community support, increased staff retention, and the overall success of GISF. Kim’s leadership and understanding of being a woman in business have developed along with her understanding that empowering others empowers her. On the show today, we discuss the role of...
2023-03-15
24 min
The GISF Podcast - Global Interagency Security Forum
Insights from a Security Manager: managing operations in complex environments
About this Episode: In this episode, Mila Shutova (Christian Aid) unpacks some of the challenges facing security managers operating in complex environments, including the importance of historical understanding, community engagement, neutrality of information, and the importance of self-care. About the Series: This podcast series ’Evolving NGO Security Risk Management’, looks at the innovations, transformative developments, and dynamic trends facing the humanitarian and development sector. We have elected to explore the facets of ‘Evolving NGO SRM’, to unpack the changing environments, practices, discussions, and technical considerations impacting the safety and security of aid workers and opera...
2023-02-22
40 min
The GISF Podcast - Global Interagency Security Forum
Reflections from the GISF Secretariat: Inclusive Security, Professionalising SRM, and the Return to Face-to-Face Collaboration
Last year, GISF released a host of innovative resources facilitating the professionalisation of SRM, held conversations on making security practices more inclusive, and returned to face-to-face opportunities for shared learning. In this podcast, members of the GISF Secretariat reflect on some of their favourite moments from 2022 and the projects they are excited for in the coming year.
2023-02-07
29 min
Practical Cybersecurity with Jen Stone
Top Breaches of 2022 | SecurityMetrics Podcast 62
"In 2021, we had tracked about 5.9M accounts were targeted through data breaches. It's expected that at the end of 2022, we will surpass that number." Tune in this week as Jen Stone and Heff give you the TOP data breaches of 2022. This list includes breaches caused by leaks, phishing, and poor cyber hygiene. Listen to learn: Most common breach types this year; Tips to help your employees stay secure; How to respond to a data breach. Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with...
2022-11-23
47 min
SecurityMetrics News
Rising Vishing Scams - Apple Malware - Twitter Breach - Slack Leak | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Tune in this week as Heff and Jared give you the latest in this week's cyber news! This Week's Stories: Apple app store plagued with malware; Twitter leaking APIs; Vishing tactics on the rise. Hosted by Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Jared Bergenthal (SOC Intern).
2022-08-19
28 min
The GISF Podcast - Global Interagency Security Forum
Security Managers of Today
In this episode, Javeria Ayaz Malik unpacks the qualities and qualifications it takes to be a security manager of today, and examines how we can improve the security sector by amplifying good inclusive practices. This podcast series explores the elements of inclusive security, what it is, and what it looks like in the humanitarian context. These conversations are enriched by expert guests spanning security professionals, humanitarians, and more.
2022-07-27
54 min
SecurityMetrics News
Amazon Scams - Disney Hack - Drone Hack - Fake Cisco Tech - Honda Car Hack | SecurityMetrics News
Subscribe to the SecurityMetrics News Feed! Tune in this week as Heff and Kaden give you the latest cyber-news! Common Amazon scams to look for, recent Disneyland hack, counterfeit Cisco tech and more! Also Included: Apple "Lockdown Mode"; The Return of Macros; New Ransomware Search Tool. Hosted by Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Kaden Payne (SOC Intern).
2022-07-15
30 min
SecurityMetrics News
Internet Explorer - Apple M1 - Russia Cyber War | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Tune in this week as Heff and Noah give you the latest cybersecurity news - The retirement of Internet Explorer, Apple M1 chip vulnerability, Russia cyber war updates and more. Also included: New Jersey Healthcare Breach; Largest Botnet EVER; Latest Ransomware Attacks. Hosted by Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Noah Pack (Threat Hunter/Security Operations Center Analyst, Security+, ITF+, Sophos Certified Engineer).
2022-06-17
24 min
The GISF Podcast - Global Interagency Security Forum
Reflections on Inclusive SRM
While anti-discrimination practices and legislation exist, the extent to which these are interpreted and lineally applied to all staff can raise challenges. This episode explores reflections on the dynamic challenges facing organisations and opportunities to improve inclusive SRM practices. This podcast series explores the elements of inclusive security, what it is and what it looks like in the humanitarian context. These conversations are enriched by expert guests spanning security professionals, humanitarians, and more.
2022-05-25
36 min
SecurityMetrics News
iPhone Hack - Tesla Hack - PrintNightmare Return - $5 Trojans and More | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! iPhones and Teslas can now be hacked remotely?? Tune in this week as Heff and Noah give you the LATEST CYBER NEWS. Included This Week: PrintNightmare RETURNS; $5 Trojans for Sale; iPhones Hackable Even When Shut Off. Hosted by Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Noah Pack (Threat Hunter/Security Operations Center Analyst, Security+, ITF+, Sophos Certified Engineer).
2022-05-20
29 min
Practical Cybersecurity with Jen Stone
The Future of Cybersecurity - Top 10 Cyber Trends | SecurityMetrics Podcast 50
"The threat environment is becoming more aggressive, and the footprint that businesses need to protect is huge. Businesses need to reframe their expectations and reframe their focus." Reading the future is hard, especially in relation to cybersecurity. However, looking at current cyber trends helps us have a better idea of what is around the corner. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) dive into the TOP 10 cybersecurity trends, and predict the FUTURE. Listen to learn:
2022-05-11
37 min
SecurityMetrics News
Google Privacy Update - PII Can Now be Removed from Searches | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Have you ever been worried of the fact that people can google your name, phone number, address, and more? Join Heff and Noah this week as they give you the latest with the recent Google update, allowing you to REMOVE your PII from search. Additional Stories: Black Basta Ransomware Gang - Conti 2.0?; Twitter seeks to authenticate all users - good or bad?; How to protect your network from FAKE Cisco hardware. Hosted by Matthew Heffelfinger...
2022-05-06
25 min
SecurityMetrics News
T-Mobile Breached AGAIN | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Tune in this week as Heff and Noah update you on the latest T-Mobile breach and more! Additional stories: Latest MOST sophisticated Facebook phishing; Virustotal Security Flaws; LATEST on the Russian/Ukraine Cyber war. Hosted by Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Noah Pack (Threat Hunter/Security Operations Center Analyst, Security+, ITF+, Sophos Certified Engineer).
2022-05-01
26 min
SecurityMetrics News
Top 10 Tax Scams - 5 Tips to Avoid Getting Tricked | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Tax season is here, and so are the SCAMS! Don't get fooled - tune in with Heff and Noah as they give you the top scams to look out for, and 5 TIPS on how to stay SAFE. Listen to learn: Common tactics used by scammers; How to spot a scam; 5 tips to keep your data secure from scammers. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Noah Pack...
2022-04-14
09 min
SecurityMetrics News
Google Chrome, Apple Vulnerabilities & 4,000 FAKE Job Offers | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Hop in this week as Heff and Noah give the run down of this week's TOP CYBER STORIES. Subscribe to get the latest news in the world of cyber. Covered this week: Ukraine, Russia CYBER WAR flames on; HUGE Apple zero day; Log4Shell is BACK - Spring4Shell. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Noah Pack (Threat Hunter/Security Operations Center Analyst, Security+...
2022-04-08
26 min
SecurityMetrics News
Lapsus$ Okta Breach Timeline | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! How does a breach like the recent Okta breach happen? How do the hackers get in? Tune in this week as Heff and Noah dive into the step by step process taken by Lapsus$ on the recent Okta breach. Hosted by Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Noah Pack (Threat Hunter/Security Operations Center Analyst, Security+, ITF+, Sophos Certified Engineer).
2022-04-01
24 min
SecurityMetrics News
Okta and Microsoft Breach | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Okta, an authentication company used by thousands of organizations around the world, has now confirmed they have been breached - affecting around 2.5 percent of its customers. Any hack of Okta could have major ramifications for the companies, universities, and government agencies that depend upon Okta to authenticate user access to internal systems. Get the latest updates in the BREAKING Okta breach and more with Heff and Noah! Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F...
2022-03-24
21 min
SecurityMetrics News
Ukraine Russia Cyber War Rages On | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! The cybersecurity war between Russia and the rest of the world is hotter than ever before. Hackers taking sides, companies leaving Russia, and even a good old "Rick Roll" comes into the field. Tune in this week as Heff and Noah run down the latest on this cyber war. Included this week: Companies deny service to Russia; Conti Ransomware BREACHED; Russian PHISHING to be aware of. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT...
2022-03-11
21 min
SecurityMetrics News
Ukraine vs Russia: Hackers Take Sides | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! The battles between Russia and Ukraine rage even in the cyberverse, and hackers are taking sides. Tune in this week as Heff and Noah run you down with the latest cyber news this week. Also included: Elon Musk gives Starlink to Ukraine; Hacker rally under the Anonymous banner; Russian electric car charging stations hacked. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Noah Pack (Threat Hunter/Security Operations Center...
2022-03-04
39 min
SecurityMetrics News
E-Commerce Payment Skimming Attacks On The Rise | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! HUNDREDS of e-commerce sites have been hit with payment card-skimming malware. Tune in this week as Heff and Noah discuss the latest online skimming attacks, and tools out there that can prevent them. Additional Stories: FAKE Windows 11 downloader - BEWARE; France BANS Google Analytics, claim GDPR violation; Hacker finds unlimited Ethereum glitch. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Noah Pack (Threat Hunter/Security...
2022-02-18
30 min
The GISF Podcast - Global Interagency Security Forum
Inclusive psychological safety
This episode focuses on inclusive psychological safety featuring guest speaker, Mo Ali, Coach & Co-founder of The Innovation. Links: The Innovation community; Unleashing your inner leader programme; BAME, Ethnic Minorities, BIPOC - Which Terms To Use and Why; Anti-racism activists urge aid groups to improve monitoring and examine workplace cultures; Half aid workers report racism at work in past year - poll; If we want to build more inclusive cultures, we need to get comfortable talking about race; What is white privilege? Books: Brene Brown, Dare to Lead; John Amaechi OBE, Promises of Giants; Tiffany J...
2022-02-16
45 min
SecurityMetrics News
Crypto Exchanges HACKED - Wormhole, Bitmart, Crypto.com | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Multiple crypto exchange sites get hit BIG, losing hundreds of millions of dollars worth of crypto. Tune in this week as Heff and Noah dive into the latest crypto breaches this year. Also Included: Ukraine Malware Attacks Uncovered; Unsafe Browser Saved Passwords; Kronos Breach. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Noah Pack (Threat Hunter/Security Operations Center Analyst, Security+, ITF+, Sophos Certified Engineer).
2022-02-04
37 min
The GISF Podcast - Global Interagency Security Forum
Inclusive security at the UN
This episode focuses on inclusive security at the UN featuring guest speaker, Catherine Plumridge from the UN Department of Safety & Security. This series explores inclusivity through the lens of security risk management (SRM). It can be said that inclusivity is at the heart of successful SRM. Organisations have a responsibility to provide a duty of care to all staff. They must take all reasonable measures to protect their staff from foreseeable risks, including those that emerge due to an aid worker’s personal characteristics such as, gender, race, ethnicity, religion, gender, disabilities, sexual orientation etc. Security professionals need...
2022-01-13
37 min
INSSA Insights
Interview with Robert Macpherson, Col. USMC (Ret), Humanitarian, Author
Key Takeaways: 0:00 Intro; 1:33 Robert shares some of the reasons that made him decide to write his book; 5:57 Robert talks about some of the similarities between the military, the marine and the International Development Humanitarian Aid sectors; 9:42 Robert talks about his transition from a marine to being humanitarian worker and how it was for him; 13:55 Robert talks about the lessons he learned while in the military and the advice he would give to people who want to move from the military space into the NGO space; 17:57 Robert talks about how it was for him developing...
2021-12-21
55 min
Practical Cybersecurity with Jen Stone
TOP 10 Breaches of 2021 | SecurityMetrics Podcast 42
Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA), Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB), and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+) wrap up this season with the TOP 10 breaches of 2021! Join us for SEASON 3 of SecurityMetrics Podcast this January! A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club. If you're trying to figure out PCI compliance or need a pen test, my team...
2021-12-08
55 min
SecurityMetrics News
Millions of Home Wi-Fi Routers Threatened by Malware - How to Find It | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Newly found malware is plaguing MILLIONS of home and work routers. Join Heff and Forrest as they discuss what this new malware is, and what YOU can do to stop it. Also Included: PS5 and Xbox Black Friday Scams; FBI Email HACKED; Fake Amazon Sites. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+).
2021-11-19
31 min
The GISF Podcast - Global Interagency Security Forum
Operationalising Inclusivity
We are excited to release the second episode of GISF’s new Inclusive Security Podcast Series. This episode focuses on operationalising inclusivity featuring guest speaker Araba Cole from the International Rescue Committee (IRC). This series explores inclusivity through the lens of security risk management (SRM). It can be said that inclusivity is at the heart of successful SRM. Organisations have a responsibility to provide a duty of care to all staff. They must take all reasonable measures to protect their staff from foreseeable risks, including those that emerge due to an aid worker’s personal characteristics such as, gende...
2021-11-18
42 min
SecurityMetrics News
Black Friday Scams - Don't Get Fooled | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Phishing scams are nothing new, but the tactics used by threat actors definitely are. Tune in this week as Heff and Forrest keep you up to date on the phishing lures to look out for this Black Friday. Also Included: How to stop your SmartTV from spying on you; How much Data does Big Tech collect?; Trojan source code attack. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and...
2021-11-05
37 min
SecurityMetrics News
Latest Phishing Lures - Cyber Security Month | SecurityMetrics News
Sign up for this year's SecurityMetrics Summit free live event! Subscribe to our Weekly Threat Intelligence Center News Feed! Phishing tactics are always on the move, and you need to be as well if you want to stay safe. Join Heff this week as he covers the latest changes and tactics used in phishing. Listen to learn: Recent patches released; Facebook breach; Dahua and Hikvision security camera breach. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB...
2021-10-15
33 min
The International Risk Podcast
Episode 46: with host Dominic Bowen and guest Lisa Reilly from the Global Interagency Security Forum discussing international risk, diversity, and mentally healthy workplaces
The International Risk Podcast is a weekly podcast for senior executives, board members and risk advisors. In these podcasts, we speak with risk management specialists from around the world. Our host, Dominic Bowen, originally from Australia, is one of Europe's leading international risk specialists. Having spent the last 20 years successfully establishing large and complex operations in the world's highest risk areas and conflict zones, Dominic now joins you to speak with exciting guests from around the world to discuss risk. The International Risk Podcast – Reducing risk by increasing knowledge. Follow us on Faceb...
2021-10-10
38 min
SecurityMetrics News
How to Know If an App Is Secure | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Throughout the last decade, we have become more and more reliant on apps on our phones. With an ever-increasing number of apps to download, you would be surprised at how many apps are unsecure and funnel your data. Tune in this week as Heff and Forrest tackle the steps you need to take in making sure your apps are secure. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+).
2021-10-04
22 min
SecurityMetrics News
Apple's "ForcedEntry" Patch and More | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Patch all the things! Join Heff and Forrest this week as they give the latest on all the recent patches released by Apple, Microsoft, Google and more! Listen to learn: How likely is your employee to cause a data breach?; TV remotes now hackable?; How to search for hidden cameras in your AirBnB/VRBO. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO...
2021-09-17
40 min
The GISF Podcast - Global Interagency Security Forum
Introducing a Person-Centered Approach
We are excited to announce the upcoming official launch of GISF’s New Inclusive Security Podcast Series. We invite you to follow along and not miss an episode of this dynamic series by subscribing to The GISF Podcast on your preferred listening platform, including Spotify and Apple Podcasts. This new Inclusive Security Series explores inclusivity through the lens of security risk management (SRM). It can be said that inclusivity is at the heart of successful SRM. Organisations have a responsibility to provide a duty of care to all staff. They must take all reasonable measures to protect their staff fro...
2021-09-15
38 min
SecurityMetrics News
Hackers Changing Their Tactics - Deepfakes, CPU Malware, and More | SecurityMetrics News
Join us this week as Heff and Forrest rip into the latest tactics used by hackers to breach YOUR DATA. Watch to learn more about additional stories: Best Browser Extensions to Improve Security; Smart TV MADNESS - Samsung TV Lock; AMD Processors MELTING?? Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+).
2021-09-03
38 min
SecurityMetrics News
T-Mobile Breach Leaks Data in the Millions | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! - https://www.securitymetrics.com/lp/education/threat-intelligence-subscribe Tune in this week as Heff and Forrest discuss the HUGE T-Mobile data breach. Watch to learn more about additional stories: Healthcare breaches rising to new high; Can you trust your Smart TV?; Healthcare systems shut down in ransomware attack. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+).
2021-08-20
34 min
SecurityMetrics News
BlackMatter Ransomware Succeeds Darkside and Revil | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! Tune in this week as Heff and Forrest dive into the recent news with BLACKMATTER Ransomware. Watch to learn more about additional stories: Hackers turn to EXOTIC code languages; Pegasus Spyware targets journalists; Top 25 most dangerous vulnerabilities. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+).
2021-08-06
34 min
SecurityMetrics News
Kaseya VSA Zero Day UPDATE | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! - https://www.securitymetrics.com/lp/education/threat-intelligence-subscribe Join Heff and Forrest this week as they go over the latest in the Kaseya VSA Zero Day. Watch to learn more about additional stories: The MONSOON of patches released in Patch Tuesday; Mint Mobile breach sending many users' phones to other services; HUGE CNA Insurance breach. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+).
2021-07-16
31 min
SecurityMetrics News
Western Digital Vulnerability Causes Data Loss in Hard Drives | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! - https://www.securitymetrics.com/lp/education/threat-intelligence-subscribe Join Heff this week as he dives into the Western Digital hard drive vulnerability, the recent bad news from Microsoft, and breach #2 of this year for LinkedIn. Watch to learn more about additional stories: Google requiring multi-factor authentication from their android app developers; The scary truth about the lack of security at our water utilities; How good cyber hygiene can help your company stay secure. Hosted by Matthew Heffelfinger (Director of SIEM Operations...
2021-07-02
30 min
SecurityMetrics News
Volkswagen and Fujifilm - Breaches Galore! | SecurityMetrics News
Subscribe to our Weekly Threat Intelligence Center News Feed! - https://www.securitymetrics.com/lp/education/threat-intelligence-subscribe Join Heff and Forrest as they cover the plethora of breaches in the news this week! More malware, more ransomware, and even more lessons learned! Watch to learn more about additional stories: RFID tags now in car tires; Anonymous send message to Elon Musk; DHL phishing email case study. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF...
2021-06-18
34 min
SecurityMetrics News
Amazon Sidewalk Gives Users ONE WEEK to Opt Out of Mass Wireless Sharing | SecurityMetrics News 12
Tune in this week as Heff and Forrest discuss Amazon Sidewalk and their short notice to allow users to opt out of their wireless sharing. Watch to learn more about additional stories: How safe are browser extensions?; JBS meat plant breach; US banks give green light to use facial recognition technology. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+).
2021-06-04
31 min
SecurityMetrics News
Colonial Pipeline PAYS $5M Ransomware! | SecurityMetrics News 11
Watch this week as Heff and Forrest dive into the latest on the HUGE US Colonial Pipeline breach, the recent D.C. police ransomware, and the recent change in malware as a service. Watch to learn more about additional stories: Apple Airtags HACKABLE!; Ireland refuses to pay any ransomware; Frag Attacks expose vulnerabilities in all wifi devices. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+).
2021-05-21
37 min
SecurityMetrics News
Ivanti Pulse Secure Breach Update | SecurityMetrics News 10
Watch this week as Heff and Forrest discuss the recent Ivanti breach, Apple ransomware, SonicWall's 3 zero days, and more. Listen to learn more about additional stories: 92% of businesses that pay ransomware never get their data back; Recent security additions to Apple's recent software update; Passing of Dan Kaminsky. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+).
2021-05-07
51 min
SecurityMetrics News
FBI Remotely Hacking Computers to Aid Microsoft Exchange Breach | SecurityMetrics News 9
Heff and Forrest analyze the recent court order allowing the FBI to remotely hack hundreds of private computers. They also cover recent malware introduced via LinkedIn and the downplaying of the Facebook and Ubiquiti data breaches. Listen to learn more about additional stories: Homeless man "pen tests" USC football practice; How to search to see if your data was part of a recent breach; Corporations that gaslight their customers after compromises. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP...
2021-04-16
46 min
SecurityMetrics News
PHP GIT Breach | SecurityMetrics News 8
Heff and Forrest analyze prominent data breaches in the news, including the PHP Git Server, SITA, and Hobby Lobby. They brief viewers on the current state of ransomware–now known as ransomware 2.0, and dissect the extent of Ubiquiti’s breach; their possible ransom payments, and organizational missteps. Listen to learn more about additional stories: US Strategic Command Base Command’s Twitter account left unattended and results spur conspiracy theories. The depths phone scammers will go to trick the elderly into sending cash. The prevalence of nation-state cyber attacks, retaliation, and over...
2021-04-02
50 min
Middle East Dossier
[Boots Off the Ground: Security in Transition in the Middle East and Beyond] Episode 13: Humanitarian Aid Agencies Risk Management
In this episode, Mr Jason O’Connor, Deputy Director (North America), GISF – Global Interagency Security Forum, speaks about protecting people working in the development and humanitarian response sectors (in challenging environments) from physical violence and cyber risks. He also elaborates on how to promote proper security risk management practices and improving security of aid workers. This podcast series is presented by Dr Alessandro Arduino, Principal Research Fellow and Dr Ameem Lutfi, Research Fellow, at the Middle East Institute, National University of Singapore.
2021-03-29
39 min
SecurityMetrics News
Verkada Security Camera Breach and More | SecurityMetrics News 7
Heff and Forrest analyze recent cybersecurity news, including the Verkada Security Camera Breach, WeLeakInfo Return, updates on the Microsoft Exchange Server, and an examination of hacker group FIN8. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+). Watch to learn more about: 150,000 of Verkada’s AI-driven camera feeds exposed by hacktivists including private homes, prisons, hospitals, and businesses; Formerly shut-down WeLeakInfo website domain lapses and a new hacker takes over; Analysis of phishing training campaign tac...
2021-03-20
43 min
The International Risk Podcast
Episode 11: with Christina Wille from Insecurity Insight
The International Risk Podcast is a weekly podcast for senior executives, board members and risk advisors. In these podcasts, we speak with risk management specialists, people exposed to risk, and other exciting guests from around the world. Our host, Dominic Bowen, is one of Europe's leading international risk specialists, crisis managers, and public speakers. Dominic is supporting some of Europe's most successful companies to improve enterprise risk management, limit corporate risk exposure, understand geopolitical impact, and prepare for and respond to crisis. Having spent the last 20 years successfully establishing large and complex operations in the world's highest risk ar...
2021-02-21
36 min
SecurityMetrics News
Sudo Vulnerability, Emotet and Netwalker Takedown, Bonobos Breach | SecurityMetrics News 4
SecurityMetrics News, from SecurityMetrics Threat Intelligence Center, is a cybersecurity news series to inform businesses of developing threats, and provide analysis, best practices, and tips to protect your data. SecurityMetrics News airs new episodes bi-monthly, with new topics every time. This episode includes: Apple’s recent security updates; Emotet takedown by the U.S. Government; New strains of ransomware; The Parler saga and COVID vaccine misinformation. Matthew Heffelfinger - (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB); Forrest Barth - (SOC Analyst, CISSP, CMNO, Security+). [Disclaimer] Before implementing any...
2021-02-19
38 min
SecurityMetrics News
Water Treatment Plant Breach, Supercookies, and Voice Assistant Privacy | SecurityMetrics News 5
SecurityMetrics News, from SecurityMetrics Threat Intelligence Center, is a cybersecurity news series to inform businesses of developing threats, and provide analysis, best practices, and tips to protect your data. SecurityMetrics News airs new episodes bi-monthly, with new topics every time. In this episode, Heff and Forrest cover topics including: New creative hacking methods involving supercookies and favicons; Cyber attack at Oldsmar water-treatment facility; SolarWinds attack updates; Cyberpunk 2077 source code sold; Tips for better security of your IoT devices–Google Home, Alexa, Siri. Matthew Heffelfinger - (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF...
2021-02-19
42 min
SecurityMetrics News
US Capitol Breach, Ubiquiti Breach, and Attacks on Parler CEO | SecurityMetrics News 3
In this SecurityMetrics News episode, Heff and Forrest analyze recent cybersecurity news, including the recent breaches in the US Capitol, the details on the Ubiquiti breach, Malwarebytes breach update, and the nasty cyber-attacks on Parler CEO. They dive in to help you understand the threats and attacks, and give tips to avoid data breaches at your organization. Matthew Heffelfinger - (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB); Forrest Barth - (SOC Analyst, CISSP, CMNO, Security+). [Disclaimer] Before implementing any policies or procedures you hear about on this o...
2021-01-22
31 min
SecurityMetrics News
Microsoft Source Code Exposed, T-Mobile Breach, Whirlpool Ransomware Attack | SecurityMetrics News 2
In this SecurityMetrics News episode, Heff and Forrest analyze recent cybersecurity news, including the recent Microsoft source code leak, the T-Mobile breach, Whirlpool ransomware attack, updates on the alarming Solarwinds breach, and a review of all the nasty breaches recorded in 2020. They dive in to help you understand the attacks and give tips to avoid data breaches at your organization. Matthew Heffelfinger - (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB); Forrest Barth - (SOC Analyst, CISSP, CMNO, Security+). [Disclaimer] Before implementing any policies or procedures you hear about o...
2021-01-08
23 min
The GISF Podcast - Global Interagency Security Forum
Reflections from 2020: Insights from a Global Security Manager
This episode highlights the ongoing and unique challenges faced by many security managers this year. ‘2020 … it’s not just a year it’s a phenomenon’. Vita Peake, Associate Manager of Global Security for Population Services International (PSI), aptly describes the impactful year many have experienced. From the dramatic impact of Covid-19 to the evolving intersection of gender and diversity, we take a moment and reflect on how one security manager and their team embraced the events of this year.
2020-12-21
41 min
The GISF Podcast - Global Interagency Security Forum
The intersection of climate change, compounding crises and security risk management
As security managers increasingly contend with evolving and compounding crises, at the intersection of pre-existing security risks sits a climate crisis. In this episode we speak with Emma Villard, Global Duty of Care Project Lead and Campaigns Operation Security Advisor for Greenpeace International, to consider the role security managers can play in better understanding, forecasting and mitigating climate change risks.
2020-10-29
39 min
The GISF Podcast - Global Interagency Security Forum
The ever-changing role of the NGO security risk manager
Since its inception, humanitarian security risk management has developed rapidly. In recent years, the profession has evolved from the ‘compounds and barbed wire’ activities it used to be known for, shifting to include staff safeguarding, wellbeing, digital security and more. In 2020, a year that seems to define ‘compounding crises’, the profession has been forced to change yet again. NGO security risk managers can now add health and safety and domestic security risk management to their ever-growing repertoires. In this episode, we speak with Andrew Kirkham, Corporate Security Manager for Christian Aid, to unpack the ever-changing trajectory...
2020-09-28
38 min
The GISF Podcast - Global Interagency Security Forum
Compounding Crises: Digital security in the humanitarian space
For some, the digitisation of the humanitarian sphere is a crisis. For others, it’s a door to a world of unforeseen opportunities. Whatever way you look at it, digitisation has the potential to present real risks to NGOs and their staff. After dozens of NGOs were hit by a hack on a large US fundraising database in July, the message has been clear; don’t wait until an incident happens to improve your digital security. While the scope of security risk management continues to grow, encompassing safeguarding, wellbeing and many more non-traditional components, it’s unde...
2020-08-17
43 min
The GISF Podcast - Global Interagency Security Forum
Compounding Crises: Partnerships in Crisis
In the first episode of Compounding Crises, the third GISF Podcast series, we speak to Léa Moutard, GISF’s Research Advisor. Since joining GISF in August 2019, Léa has been managing a pioneering new research project on Partnerships and Security Risk Management: from the local partner’s perspective. In recent years, limited access and growing risks have meant that more and more international NGOs collaborate with local and national NGOs to implement humanitarian responses. With the travel restrictions of the COVID-19 pandemic, international NGOs’ reliance on local partners is likely to increase, while renewed attention to the local...
2020-07-15
42 min
The GISF Podcast - Global Interagency Security Forum
Special Edition: Managing Operations in a COVID-19 World
In this one-off podcast, Tara Arthur, GISF’s Projects and Membership Officer (Americas) speaks to Heather Hughes, GISF’s Deputy Director. Since February, Heather has been leading GISF’s activities on COVID-19. During this short release, Tara and Heather discuss some of the challenges the humanitarian security risk management community is facing and has faced in the COVID-19 world. Prior to joining GISF, Heather worked in a range of roles within the humanitarian sector - including working as the first-ever Global Security Manager at Oxfam GB. Learn more about Heather and Tara. Look out for GISF’s...
2020-06-18
17 min
Practical Cybersecurity with Jen Stone
Phishing and Malware Attacks Amidst COVID-19 | SecurityMetrics Podcast 4
In this episode, Jen Stone (Principal Security Analyst, CISSP, CISA, QSA) sits down with Matt Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+) to discuss: How threat actors are leveraging the COVID-19 crisis climate to prey on businesses and individuals; Current phishing and social engineering scams to watch out for and how to avoid them; Security awareness tips you can share with those most vulnerable to cyber scams and attacks. Resources: https://www.securitymetrics.com/blog/covid-19-cyber-attacks-threat-report-and-best-practices 2020 SecurityMetrics HIPAA Guide: https://in...
2020-04-29
36 min
The GISF Podcast - Global Interagency Security Forum
Humanitarian Incidents: What happens to Incident Information? The Analyst’s Perspective
In this episode of the Humanitarian Incidents podcast we speak to Frances Nobes, Security Operations and Research Analyst for World Vision International. Frances discusses what we mean when we talk about ‘analysis’, why it matters, and the role incident information can play in it, as well as some of the common challenges that analysts face and ways for organisations to overcome them. Frances is responsible for leading analytical support for security operations for World Vision, one of the world’s largest INGOs, dedicated to providing life in all its fullness to over 100 million sponsored children, their families and commun...
2019-01-18
16 min
The GISF Podcast - Global Interagency Security Forum
Humanitarian Incidents: Building Trust at the Field Level: The National Perspective
In the fourth episode of the Humanitarian Incidents series we speak to Nour Kossaibany, security lead at the International Rescue Committee. Nour explains why keeping national staff and local partner staff safe is critical for organisations and effective programme delivery. She discusses how security risk management and incident information can support this goal. Nour works with IRC in Lebanon, where she is from, and where part of her job is humanitarian negotiation mainly to ease access and maintain safer programming.
2018-12-14
12 min
The GISF Podcast - Global Interagency Security Forum
Humanitarian Incidents: Sexual Violence: Ensuring Lessons are Learned while Remaining Survivor-focused
TW: this episode contains references to sexual violence throughout. Much information on security incidents can be considered sensitive, particularly when it relates to very personal cases, such as sexual violence. But if we are going to reduce incidents we need to know about them. In episode four of the Humanitarian Incidents podcast, Megan Nobert, founder and former Director of Report the Abuse, shares her advice on how NGOs should respond if a member of staff reports an incident of sexual violence.
2018-11-09
17 min
The GISF Podcast - Global Interagency Security Forum
Humanitarian Incidents: Evidence Based Advocacy: How can Incident Information help?
In the third episode of the Humanitarian Incidents series, Leonard S. Rubenstein, Senior Scientist at Johns Hopkins Bloomberg School of Public Health, and Adelicia Fairbanks, Research Advisor at EISF, discuss how incident information can help advocacy. Len and Adelicia explain how security incident data can be used for advocacy purposes, including the benefits and challenges. They also provide guidance on ways in which advocacy professionals can use security incident data to support their organisation’s advocacy efforts.
2018-10-19
27 min
The GISF Podcast - Global Interagency Security Forum
Humanitarian Incidents: Building on Success: Effective use of Information to Improve SRM
In the second episode of the Humanitarian Incidents podcast, Phil Candy, Security Advisor at Medair, discusses why his organisation adopted a robust online security incident information management system. He explains the benefits of the new system and the challenges Medair have faced in its delivery. He also highlights some of the ongoing and future improvements planned for the system to increase its usability and encourage staff across Medair to report even minor incidents to create a clearer picture of its operating contexts. Finally, Phil provides some overarching advice for non-governmental organisations (NGOs) considering the adoption of a SIIM system, stressing the...
2018-09-28
17 min
The GISF Podcast - Global Interagency Security Forum
Humanitarian Incidents: What is Incident Information?
In the first Humanitarian Incidents podcast, Christina Wille, Co-Director at Insecurity Insight, explains what incident information is and how it plays a vital role in non-governmental organisations (NGOs) in terms of improving security risk management but also in advocacy and project management. In the podcast, Christina also addresses common criticisms made of incident data and the reasons NGOs often give for refusing to share information regarding the security incidents they have experienced. Finally, she discusses why it is important for organisations to share incident data and what benefits can be gained through this form of collaboration. The pr...
2018-09-05
22 min
The GISF Podcast - Global Interagency Security Forum
EISF in Conversation: Michael Kramer, FDFA
Michael Kramer is the Head of the Security Section at the Crisis Management Centre of the Swiss Federal Department of Foreign Affairs (FDFA). In this final episode of the EISF in Conversation podcast, Michael discusses the differences between security risk management for governments and NGOs, and shares his thoughts on how to write a good proposal to the Swiss FDFA.
2017-12-20
21 min
The GISF Podcast - Global Interagency Security Forum
EISF in Conversation: Lisa Reilly, EISF
In this episode of the EISF in Conversation podcast, Lisa Reilly, Executive Director at EISF, shares stories about how coordination can help ensure the safety and security of aid workers, and improve humanitarian access. Lisa is committed to improving humanitarian security risk management through the sharing of information and coordination between as many actors as possible.
2017-12-01
13 min
The GISF Podcast - Global Interagency Security Forum
EISF in Conversation: Craige Grice and Salah Noori, NRC
In the fourth EISF in Conversation podcast, we spoke to two humanitarians working in Iraq: Craige Grice, Norwegian Refugee Council (NRC) Security Adviser, and Salah Noori, NRC Programme Adviser. They discuss the significance of security risk management in accessing those in need and the challenges that gaining access can pose for humanitarians. Finally, they consider the need to increase efforts to develop the security capacity of national staff and mitigate their exposure to security risks.
2017-11-15
16 min
The GISF Podcast - Global Interagency Security Forum
EISF in Conversation: Heather Hughes, Oxfam GB
In the third episode of the EISF in Conversation podcast series, Heather Hughes, Oxfam GB’s Global Security Advisor, speaks about what security risk management means to her organisation. She highlights the benefits and importance of security risk management and challenges the perception that it is about being risk averse. Finally, Heather describes her responsibilities, the challenges that she faces and gives advice to those thinking about a role relating to NGO security risk management.
2017-10-18
13 min
The GISF Podcast - Global Interagency Security Forum
EISF in Conversation: Eva Svoboda, ODI
In the second episode of the EISF in Conversation podcast series, we sat down with Eva Svoboda, a Senior Research Fellow at the Overseas Development Institute, to discuss the humanitarian principles and how they relate to security risk management. Eva speaks about the importance of dialogue in achieving humanitarian access and the legalities of communicating with armed non-state actors. Finally, she considers what characterises good security risk management and the possible impact of the localisation agenda.
2017-09-27
20 min