Showing episodes and shows of
Greg Young & Bill Malik
Shows
B&H Photography Podcast
Say Less, with Dr. Greg Gulbransen
In today's podcast, we'll be talking with Long Island-based pediatrician and self-taught photographer Dr. Greg Gulbransen, whose newly released book Say Less documents the three years Gulbransen spent embedded with Malik, the paralyzed leader of a Crips' set in the Bronx. Gulbransen details his journey from wildlife and fashion photography to documenting the lives of at-risk members of the Bikes Up Guns Down club to his most recent (and most daunting) project: photographing members of a violent street gang. Gulbransen also touches on his years-long campaign to require auto makers to install rear-view cameras in all American-made...
2024-08-29
1h 03
B&H Photography Podcast
Say Less: Gangs & Guns, with Dr. Greg Gulbransen
In today’s podcast, we’ll be talking with Long Island-based pediatrician and self-taught photographer Dr. Greg Gulbransen, whose newly released book Say Less documents the three years Gulbransen spent embedded with Malik, the paralyzed leader of a Crips’ set in the Bronx. Gulbransen details his journey from wildlife and fashion photography to documenting the lives of at-risk members of the Bikes Up Guns Down club to his most recent (and most daunting) project: photographing members of a violent street gang. Gulbransen also touches on his years-long campaign to require auto makers to install rear-view cameras in all Am...
2024-08-22
1h 05
Real CyberSecurity
Ep. 73 - Breach Disclosure Laws, Water Treatment, Faraday, and Walking Around
Greg and Bill discuss how breach disclosure laws could play out while discussing the recent events around SUNBURST, water treatment as targets, and the critical CISO skill of just walking around and talking to people.
2023-12-14
46 min
Real CyberSecurity
Ep. 72 - CISOs & the SEC, Cybersec Digital Fight Club, & Twitter
Bill reports that Mastodon lives on and how awful Twitter is, we talk about the SEC complaint re: the SolarWinds CISO, and Greg reports on his Digital Fight Club experience in Dallas (and how awesome it was)
2023-11-17
48 min
Real CyberSecurity
Episode 71 - Biggest Cybersecurity Tech & Idea Fails in 2023
Bill and Greg nominate their candidates for biggest fails in cybersecurity in 2023 - we focus on the ideas or technologies that were hyped and just didn't deliver.
2023-10-30
31 min
Real CyberSecurity
Ep. 70 - Election Security
Cybersecurity for elections is likely going to be hitting the news more often. Bill and Greg discuss the big picture issues of election security, why governments struggle with election security at all (spoiler: it isn't because technology isn't available), and a brief discussion of rural and small jurisdictions. Here's the link to the poll book systems graphic we discuss during the episode: https://www.cyber.gc.ca/en/guidance/security-considerations-electronic-poll-book-systems-itsm10101
2023-10-16
33 min
Real CyberSecurity
Ep. 69 - AI, Breaches, Splunk, and Bears, Oh My
An update of the state of AI cybersecurity (including the hype) and a roundup of noteworthy breaches in the news. Also our thoughts on Splunk.
2023-10-06
41 min
Real CyberSecurity
Ep. 68 - Posture Management in Cybersecurity - A Big Deal
This week Bill and Greg dig into posture management - not the chair - but the posture of assets, people, and identities and such. We discuss why infrastructure and operating system companies won't ever make best in breed security, and why infrastructure isn't self-defending.
2023-09-11
48 min
Real CyberSecurity
Ep. 67 - Guest Jeff Wheatman, GRC, 3rd Party Risk, & More Risk
Discussion on risk, GRC, and 3rd party risk with former Gartner analyst who is now with Black Kite.
2023-09-05
54 min
Real CyberSecurity
Ep.66 - New SEC Cybersecurity Reporting Rules, & Jonathan Frakes
Greg covers the new SEC rules for disclosing cybersecurity incidents, and our celebrity reporter Bill has a brush with greatness in the personage of Jonathan Frakes.
2023-08-08
45 min
Real CyberSecurity
Ep. 65 - National Cybersecurity Strategy, Startup Funding Challenges
This week in Real Cybersecurity we celebrate the 365 day countdown to Skynet, the Guidelines for the National Cybersecurity Strategy, startup funding challenges, & recent hack news including Microsoft and Revolut.
2023-07-20
40 min
Real CyberSecurity
Ep. 64 - Interview with Dr Gene Spafford
A real treat for you today, as Bill brought in his friend Spaff for a great chat. One highlight was hearing about his newest book, Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us
Amazon link to his new book: https://a.co/d/3SCd1nG
https://en.wikipedia.org/wiki/Gene_Spafford
2023-07-07
53 min
Real CyberSecurity
Ep. 63 - Secrets, Policy, and AI & Black Swans
We discuss Bill's ugly luggage, how new entries to the cybersecurity job market are often exploited, lapsing CISSPs, what really happened around Y2K, the limitations of AI in risk management, and why declassifying in a cavalier manner is catastrophic.
2023-06-28
49 min
Real CyberSecurity
Ep. 62 - Listener Questions about AI
Bill and Greg answer listener questions about AI. And we didn't use ChatGPT for our answers. I think.
2023-06-21
39 min
Real CyberSecurity
Ep.61 - Report from RSA Conference, and Maritime Cybersecurity.
Our roving reporter Bill gives his impressions of the RSA Conference 2023, his talk on maritime cybersecurity he delivered just an hour before our recording. Greg asserts that without public-private partnership cybersecurity is hobbled vs the bad guys: but only if they each stay in their lanes.
2023-05-02
38 min
Real CyberSecurity
Ep. 60 - Cybersecurity of AI, & the Impact of a Bay Area Bank Collapse
Bill and Greg discuss the security aspects of AI, how the 'black box' of AI is vulnerable to being manipulated or polluted, or having biases that aren't evident to subjects, how a Bay Area bank collapse will impact cybersecurity, and Bill's visit to CERIAS' anniversary with Gene Spafford.
2023-04-03
36 min
Real CyberSecurity
Ep. 59 - Cyber Security Framework (CSF) & Ransomware Update
Bill updates us about the updates to the NIST CSF (Cyber Security Framework), and we talk about the state of ransomware.
2023-03-13
41 min
Real CyberSecurity
Ep. 58 Securing FinTech, and a brief mention of AI, and ChatGPT
Greg and Bill dig into the unique cybersecurity needs of FinTech, and manage to keep blockchain mentions down to a few mentions. In the 2nd part some brief security impact of ChatGPT and AI. Bill has a great story about naming collisions.
2023-02-13
38 min
Real CyberSecurity
Ep. 57 - The Crypto Queen, Airline Cybersecurity, and Downsizing vs Skills Gap
Bill and Greg try and unravel where the Crypto-Queen has skedaddled to, how all airline IT and cybersecurity are not equal, and how downsizing hasn't made a dent in the cybersec skills gap and people shortage.
2023-01-27
37 min
Real CyberSecurity
Ep. 56 - Infragard, ChatGPT, Public-Private Partnerships, Russia
We cover a lot of recent cybersecurity news, including AI developments, Infragard and the cyberwar part of the Russian/Ukraine war, and why it is the new era of Public-Private Partnerships
2022-12-19
41 min
Real CyberSecurity
Ep. 55 - Recession Cuts in Cybersec? Trim Here...
Greg and Bill discuss options when faced with recession cuts. Cut shelfware, or a platform could be your best bet in getting rid of inefficiencies. Cuts in cybersec aren't a common thing, but even so, getting rid of inefficacies and shelf ware is a great way to improve security.
2022-12-08
49 min
Real CyberSecurity
Ep. 54 - Cybersecurity Supply Chain, Secure Code Isn't Secure Forever
This week we talk about the issues in the wide-spread use of open source components, and what an attractive target that makes for the bad guys.
2022-12-05
46 min
Real CyberSecurity
Ep. 53 - Information Theory, Control Systems Vulnerabilities
Bill educates us on satellite and control systems vulnerabilities, and we go philosophical on information theory. Sorry about the sound on one channel.
2022-11-28
35 min
Real CyberSecurity
Ep. 52 - Zero Trust Status, Twitter Drama, and 5.5G?
This episode we answer the question "what is the state of zero trust?", and discuss the Twitter drama, Bill's recent talk in Santa Clara on automotive cybersecurity, and what the fudge is 5.5G (spoiler - not a real thing).
2022-11-17
35 min
Real CyberSecurity
Ep. 51 - Top 6 Cybersec Business & Tech Issues for 2023
Bill and Greg present their top 6 issues you'll likely come across in cybersecurity in 2023. 3 are business related, and 3 are techie.
2022-10-24
24 min
Real CyberSecurity
Episode 50 - Lessons from the Uber Hack, and Machine Learning in Cybersecurity
Recent hacks of well known tech firms bring us some lessons learned. The biggest lesson is that creating a security debt often doesn't work out. Maybe a big part of our security staff shortage is we're producing the wrong kinds of security leaders, and good leaders won't go into bad security companies. In the second half we discuss the several roles of machine learning we see today in security.
2022-09-26
40 min
Real CyberSecurity
Episode 49 - The Cybersecurity Market, and Channels, Backup, and SMB
Bill gives the OneDrive screwdriver a 1 star review as a backup hammer. We discuss how this shows that consumer and enterprise security tools are different, and being good for one does not mean naturally it is good as the other - it takes a conscious effort. This leads to how moving to new buying centers takes a conscious effort, and even more so when the buying center isn't adjacent. How small and midsize companies' cybersecurity is so unique.
2022-09-04
36 min
Real CyberSecurity
Episode 48 - Reports from ReInvent, Black Hat, DEFCON & Crypto Foolishness
Bill and Greg report on what Bill saw at AWS ReInvent, and what they've heard from Black Hat/DEFCON (spoiler - nothing earth shattering). The security nonsense continues in the cryptocurrency world. Greg talks about why Continuous Assessment is the most important trend.
2022-08-26
40 min
Real CyberSecurity
Episode 47 - Industrial Components Hacking, and What About Russia?
ICS security course tales, hacking factories, the current state sponsored landscape.
2022-08-09
42 min
Real CyberSecurity
Episode 46 - Eavesdropping, and the Bad News of Privacy & Security Diverging
The Real CyberSecurity podcast talks suspected state-sponsored eavesdropping using equipment providers, famous incidents involving tampered devices in embassies. Privacy and cybersecurity seem to be diverging and that has to stop. And how awesome the cybersecurity vibe is in the US Northeast.
2022-07-27
41 min
Real CyberSecurity
E45 - Cryptocurrency, and Quantum Crypto
Bill and Greg discuss why even though blockchains have great inherent security, the businesses and applications that are using them for cryptocurrency are not. They then explore why we are planning now for Quantum Crypto, and what "Quantum Safe" means.
2022-07-21
41 min
Real CyberSecurity
Episode 44 - RSA Conference After Action Report
Bill gives a post event report on the RSA Conference.
2022-06-23
18 min
Real CyberSecurity
Episode 43 - Talking to the Board About CyberSec, and Halifax
Bill files his report from his trip to Halifax, how not all cybersec issues are technology, how outsourcing is best as a balanced approach, and how the most complex cybersecurity conversations are actually the business ones.
2022-05-24
38 min
Real CyberSecurity
Episode 42 - Ukraine, Stuxnet Details Revealed & Are Security Conferences Dead?
Bill discusses the great Microsoft report on the revealed details of the cyberwar aspects of Ukraine & Russia war, and The Countdown to Zero Day book about Stuxnet. And Greg discusses why security conferences need to change.
2022-05-03
40 min
Real CyberSecurity
Episode 41 - Why CyberSec Pros Quit, Gartner's Top 7 Sec Trends, and APIs
Greg and Bill review two pieces - Top reasons cybersec people leave their jobs by SecurityMagazine.com, and the Top 7 CyberSecurity Trends by Gartner as reported on by VentureBeat. Kudos to Peter Firstbrook for his comments that clarified the article and press release. Bill gives a really good description of the issues around Identity of Things. Greg opines we're about to enter the golden age of API richness in security, especially API-API.
2022-04-12
35 min
Real CyberSecurity
Episode 40 - Hacked Traffic Signs, Mesh CyberSec, Ukraine War COMSEC
Hacked traffic enunciator boards, the reports of the top passwords from a hack, how poor communications security is in the news for the Ukraine war, security education, and internet of things chat. And a tutorial on Mesh Cybersecurity.
2022-03-31
42 min
Real CyberSecurity
Episode 39 - Ransomware and Ukraine
Bill and Greg discuss the impact should Russia disconnect from the internet, Pi Day, Conti Ransomware group messages, and the dynamic of Ransomware - how does the war in Ukraine change ransomware now that state sponsored entities are busy?
2022-03-21
40 min
Real CyberSecurity
Episode 38 - Web 3.0, CyberScams & Money-laundering: the High and Low Tech
Will Bill (not to be confused with Kill Bill, because we really like Bill) be going to prison for tax evasion? Maybe, if you believe the sketchy letter he got in the snail-mail from "The Federal Tax Authorities". Scammers continue to evolve. They haven't gone away because they are still making money. In this episode we discuss some recent scam trends, and a case from last week of the FBI seizing billions in Bitcoin from alleged money launderers.
2022-02-16
48 min
Real CyberSecurity
Ep 37 - Privacy Week - How We Don't Have Much Privacy But We Can Get It Back
We're in a strange place in the cycle of Data Privacy. We give it away, but seem most concerned about it. Greg and Bill pull on some threads including social media, encryption, VPNs, and how we got here. Happy Data Privacy Week!
2022-01-28
32 min
Real CyberSecurity
Episode 36 - Holiday Scams, Some Different Talk About Log4J
I think the Union of Cybersecurity Workers Local 404 says we have to talk about Log4J, except we'll discuss some different aspects of it. Avoiding holiday scams and talking to your families about them. Some positive comments about Australian cybersecurity culture.
2021-12-22
43 min
Real CyberSecurity
Episode 35: When Physical and Cyber Security Collides
We dip into some history of hacking and spying where the technical security and physical security were both involved. The Thing, U2 and SR71 planes, ransomware as a service, bugged embassies, ... so much to discuss! Cybersecurity companies with poor physical security are not to be trusted. Why embedding security in silicon is and will continue to be bad.
2021-11-25
52 min
Real CyberSecurity
Episode 34 - The Morris Worm, F12 Responsible Disclosure, and Tar
This episode we roast the continuing awfulness of companies and politicians who accuse vulnerability researchers of hacking, Bill gives a history lesson on tarry substances used on crypto boards, and how the Morris Worm changed history.
2021-11-10
45 min
Real CyberSecurity
Week 4 of Cybersecurity Awareness Month - Social Media Security
National Cybersecurity Awareness Month (NCSAM) is October! In this special week 4 of 4 (the finish line!) of NCSAM episode we are speaking to consumers and individuals about social media security. A lot of security professionals have zero social media presence, but that's not the reality for most people. You can engage without undertaking high risk. And being respectful of the privacy and security of others in your posts and feeds. Listen in and join us!
2021-10-25
17 min
Real CyberSecurity
Week 3 of Cybersecurity Awareness Month - Password Management
National Cybersecurity Awareness Month (NCSAM) is October! In this special week 3 of 4 of NCSAM episode we are speaking to consumers and individuals about passwords - those security things we all love to hate. But still, we have to protect them. Greg and Bill talk about some ways to make them easier to manage, and how to choose them. We also say the word entropy a lot, because it makes us sound more serious.
2021-10-18
14 min
Real CyberSecurity
Week 2 of Cybersecurity Awareness Month - Device Security
National Cybersecurity Awareness Month (NCSAM) is October! In this special week 2 of 4 of NCSAM episode we are speaking to consumers and individuals about device security. All your phones, TVs, and routers and such. Protect yourself, and not just this month.
2021-10-12
17 min
Real CyberSecurity
Week 1 of Cybersecurity Awareness Month - Surfing Safely
National Cybersecurity Awareness Month (NCSAM) is October! In this special week 1 of 4 of NCSAM episode we are speaking to consumers and individuals about surfing (the web) safely.
2021-10-04
14 min
Real CyberSecurity
Episode 33 - Security Startups and CyberSecurity Fame
Some reality about security startups, the fool's gold and FOMO-stress of fame in social media and conferences for cybersecurity, some career advice, Bill has some great advice about what makes a good organization and some criteria for buying companies, and Greg points out that the difference in cybersecurity companies who have stock market success vs those whose target is making the best cybersecurity matters when you are buying stock vs buying products.
2021-09-22
55 min
Real CyberSecurity
Episode 32 - Orange Books, Spam, and How the Big IT Vendors Struggle With Security
Greg and Bill talk some cybersecurity history about the Orange Book, and how fundamentally the approach to what we put security into has changed. Big IT vendors have trouble with security because it isn't their core business.
2021-09-15
57 min
Real CyberSecurity
Episode 30 - DevSecOps, Zero Trust, and Conference Celebs
Bill and Greg cover the history of app security testing, why it is neglected, web application firewalls, code scanners, and how the devsecops loop is still mostly aspirational. Some thoughts on Zero Trust, and ... The Zachman Framework! DEFCON is here, trade show giveaways, and the most memorable celebrity keynotes.
2021-08-05
52 min
Real CyberSecurity
Episode 31 - Bread, Tinder, and About That CyberSec Whitehouse Meeting
Greg and Bill discuss, if in charge for a day, what they would change in cybersecurity to break the cycle we are in. Greg has big issues about that meeting of CEOs concerning cybersecurity at the White House. Bill talks defect analysis. How challenging the CISO job is in government, and we salute you. AI and security clearances!
2021-08-03
57 min
Real CyberSecurity
Episode 29 - Ransomware and The Money of It, and What Business Will Be Like In 2022
We start out with a few presentation tips, and do a status check on these unprecedented pajama-bottom wearing times. How the cybersecurity culture in companies will be different in 2022. Complexity in the new hybrid telework/in-person will be exploited. SASE as a good tool to accommodate new business processes. What the near term of Ransomware as a service is. The biggest impact on Ransomware would be interrupting payments. We talk about our big current topics - XDR, Zero Trust, Resilience, Supply Chain, and SASE.
2021-07-28
41 min
Real CyberSecurity
Episode 28 - Keeping Secrets, Rise of Ransomware, Ethics in Cybersecurity
Balancing security education with security technology. Real risk: livestock are a bigger threat than sharks, and what about self-driving cars. The role of federal governments in tamping down ransomware activity. Small and Midsize Organization security. The dark arts of the Common Criteria and Formal Methods. Bill drives the Trolley Car in the Trolley Car Problem.
2021-06-14
1h 01
Real CyberSecurity
Episode 27 - How Virtual Cybersecurity Conferences Can Be Better. And Zoom Backgrounds
Was in-person RSAC only a year ago? Selling passwords for candy bars, thinking back to RSA 2020, the good and bad of virtual events, and green M&Ms. Virtual cybersecurity events need to be a rethinking of the event format, not the worst of both worlds. And stop recording sessions months in advance. And Zoom backgrounds.
2021-06-01
36 min
Real CyberSecurity
Episode 26 - 6G Security! Oh yeah and 5G Security. And Connected Cars.
Greg talks 6G security, allowing Bill to explain the real cybersecurity of 5G security. This leads us to the nexus with how the next gen of communications will need trustworthiness for connected cars.
2021-04-23
17 min
Real CyberSecurity
Episode 25 - SolarBurst, Commander Elon, Supply Chain Attacks, and Hoodies
Bill and Greg dissect parts of the SolarBurst and water filtration hacks, and Bill confirms that all criminals wear hoodies so Greg proposes banning hoodies. We cover the issues of Supply Chain security.
2021-03-09
42 min
Real CyberSecurity
Episode 24 - Guest: Brian Reed Talks Data Loss Prevention (DLP), and Working at Gartner
Brian Reed is proof that you can be smart, nice, a great father, and successful in security. Brian is a long time Atlantan (the city in Georgia, not the underwater one) and has been doing security at IBM, ISS, Gartner and Proofpoint. Brian talks about:
- 2021 and the nexus between the upsides of DLP and the risks to privacy and surveillance if not done right.
- Remote working and security.
- Bill's dislike of open offices.
- His experience at Gartner, overlapping with Bill and Greg. We each name the smartest non-security analyst at Gartner we w...
2021-01-15
52 min
Real CyberSecurity
Episode 23 - Backdoors, 5G Causes Security, & Security Clown Factories
Bill shines a flashlight on the truth about 5G radiation, and shares his chicken recipes to demonstrate the difference in spiciness. We get seriousness about the security relationship between IoT and 5G and why they are so closely linked. Bill says good things about Christopher Krebs. Greg explains that investors and products buyers look at security companies differently. Greg laments the greed-over-security and clown factory theory of the Bay Area security scene. Greg and Bill agree that the Atlanta and Austin areas are great security scenes.
2021-01-08
35 min
Real CyberSecurity
Episode 22 - Interview with John Pescatore of SANS
Greg and Bill interview John Pescatore from SANS about what's going on in the whacky world of cybersecurity. We cover a lot of ground including the breadcrumbs that attackers leave, the history of SANS, what are the big topics in the SANS community, Zero Trust, supply chain security, 2FA - why isn't it standard?, bug bounty programs, and the idea for a Netflix reality series called "This Old Firewall". And how nasty online events are right now, and how to fix them.
2020-11-12
53 min
Real CyberSecurity
Episode 21 - Hacked Car Things, PrezentationKraft, & Sanctioned by A Foreign Government
Bill updates us on some recent threat and vulnerability reports. Greg thinks that all CIOs need an animatronic CISO hype-man, and that people would pay money to have sanctions against them announced by an evil foreign government. Our oddball segment of the day is what mugs we have on our desk. How we build and deliver a great security presentation, but we talk about when we bombed. Bill says Moby Dick, Moby, MOBI? And we can't hate Rob Lowe.
2020-08-31
41 min
Real CyberSecurity
Episode 20 - Live from Black Hat, Election Security Is Easy, Rogue Robots
Live (virtually) from Black Hat we give an update on what is being focused on. We agree that presenting without a live audience requires a different approach than live stage presentations. Bill reaches for smelling salts when confronted with rogue industrial robots, and Greg thinks secure voting is easy. Yes, really.
2020-08-10
37 min
Real CyberSecurity
Episode 19 - The Twitter Breach & Bitcoin, and Occam's Dumb Brother
Bill and Greg cover the recent Twitter breach and try and unpack what maybe happened and what lessons we can learn from it. We invent a security axiom of "Occam's Younger Dumber Brother's Razor". We recount some insider cases, how too often good deeds are punished, and we give some career advice. And what is becoming a regular segment, we disclose what we're currently reading.
2020-07-29
42 min
Real CyberSecurity
Episode 18 - Foundations of Cloud Security, & Impacts of 5G and Cloud Garbage Collection
We take a helicopter up a few thousand feet to suss out what cloud security is really about. What security problems does cloud fix? What security problems does it introduce? One hypothesis is that a lot of IT is unnecessarily 'custom', and so is the security with it. The reality in the world is there is still a lot of on-premises IT, multi-cloud, and shadow IT today. Bill brings up the real issues of cloud resource garbage collection and the impacts of counters, and Greg shouts out 'object re-use!' and 'Y2K!' like a crazy person.
2020-06-29
41 min
Real CyberSecurity
Episode 17 - Big Trouble in Privacy and Surveillance, and the Cybersecurity "Channel"
Current events are highlighting the nasty issues around privacy and broad surveillance. As some companies announce they will no longer support certain applications of facial recognition we discuss the shift in privacy to being up to the individual. We talk about "The Channel" during the week when Canalys releases their annual Global Cybersecurity Matrix. No not TV channels, but the channel of partners that are how cybersecurity products get from the makers to the users.
2020-06-11
47 min
Real CyberSecurity
Episode 16 - Facebook Jail, Cybersecurity Lies, & Why You Don't Have to Speak at Sec Cons
We discuss the issues of dishonesty in cybersecurity marketing, that it's OK to not speak at security conferences, a bunch of non-traditional book references for cybersecurity, and our favorite conferences. And Bill ends up in Facebook jail for crimes involving cat videos.
2020-06-02
45 min
Real CyberSecurity
Episode 15 - Security Artificial Intelligence and False Positives, and Election Security
Bill gets thrown in Facebook jail for crimes involving cat videos. We talk about how the importance minimizing Peak awesomeness is achieved when Bill gives us the security book recommendations from our listeners. And we lose our minds and go on a security book recommendation binge ourselves. We revisit election security. Greg has false negative brain syndrome because he gets his spies mixed up (Aldrich Ames confused with Robert Hanssen), says transitive when he meant transitory, and creatively edits Keanu Reeves' bio.
2020-05-21
43 min
Real CyberSecurity
Episode 14 - MITRE ATT&CK and Voting Security
We return after Bill has recovered from a denial of service attack, and cover the basics of where MITRE ATT&CK fits into the security world, and how Greg is a fan of it after his initial skepticism. Where does IoT fit into MITRE? Bill poses a big question - is remote voting security possible? We agree that ML and AI in automated screening out of job candidates is a garbage practice, and finish up with some reading recommendations.
2020-05-12
50 min
Real CyberSecurity
Episode 13 - Secrets for Success and Failure for CISOs, and What XDR Is
We kick off with much discussion on CISOs: the secrets and qualities of successful them, where they fit into the org chart and their role and how that has changed. XDR - what is it? We try and parse out what XDR means vs platforms, how it helps threat hunting, and how it deals with issues such as alert fatigue, and obfuscation. We also hear that Greg got a haircut from a professional stylist during an office Zoom chat (without violating lockdown) lowering his popularity with colleagues, while Bill rocks a Renaissance hat and gets into D&D...
2020-04-22
41 min
Real CyberSecurity
Episode 12 - Zoom Security, Spy Movies, and Lockpicking
There's a lot of discussion about webconferencing security, so we do some more! We agree on and name the must-see movie about spies, the difference between stealth and force in locks and lockpicking, attackers playing the long game, and Bill mentions the Mythical Man Month (which is not a statutory holiday). The podcast Greg mentioned was "I Spy" by Foreign Policy. https://open.spotify.com/show/3MOUvGwMfXnhsfUybX6vip?si=Yzf7H6qwQTC9uVpRvezo3A
2020-04-14
29 min
Real CyberSecurity
Episode 11 - Worst Security Practices, and Supply Chain Integrity
This week we cover a few hot topics and it's a good one. Supply chain integrity is a big one. And we talk worst security practices. No, we aren't recommending these. We discuss about why Y2K provides us with lessons we need. Bill tells a great story about back up tape retrieval and airports, and some good advice on consequences and clear code. Greg relates the story of tampered typewriters and that he wants to visit the Kryptos statue at the CIA.
2020-04-08
43 min
Real CyberSecurity
Episode 10 - Telework & Security - Interview with John Girard (Part 2 of 2)
Telework is a big topic right now, and with any big topic we need to answer the questions about security. Who better to bring on and chat than John Girard? Recently retired (although up to more mischief than ever) John spent 25 years at Gartner, leading topics like SSL VPNs and mobile device management. So join John and us talk about telework security, but also some non-security telework advice. In this second half of the interview we cover split tunneling, telework culture, investments in your productivity, our own experiences as long time teleworkers, the history of the Wireless Bro...
2020-03-31
44 min
Real CyberSecurity
Episode 9 - Telework & Security - Interview with John Girard (Part 1 of 2)
Telework is a big topic right now, and with any big topic we need to answer the questions about security. Who better to bring on and chat than John Girard? Recently retired (although up to more mischief than ever) John spent 25 years at Gartner, leading topics like SSL VPNs and mobile device management. So join John and us talk about telework security, but also some non-security telework advice. John is famous for his elaborate Halloween displays, but we won't talk about that ... this time. Part 1 of 2.
2020-03-25
34 min
Real CyberSecurity
Episode 8 - Intro to Blockchain & Cryptocurrency - Fertilizer and Facts
Spring is around the corner so when looking for a high grade fertilizer stronger than manure we decided to combine blockchain and cryptocurrency. Blockchain is great security technology, but it is usually just badly implemented or treated like magic. The anonymity and irrefutability are great features of cryptocurrency, but the evil side that stains the technology holds them back as ransomware payouts are all made in Bitcoin. And we talk about the T word - Trust. And maple syrup. And why Keith Richards should replace Matt Damon.
2020-03-17
29 min
Real CyberSecurity
Episode 7 - RSAC After Action Report, Worms, AI & DevOps Security
Greg provides his post-RSA Conference report. We discuss the origins of worms and viruses, and continuous audit, Bill discloses his history in code testing, and why buffer overflows persist. We give a list of some cool AI-in-security use cases. There's even a SoundCloud analogy. And more!
2020-03-10
29 min
Real CyberSecurity
Episode 6 - Interview of Richard Stiennon, and Security Company Leaders
Bill and Greg interview Richard Stiennon, who discusses his new book Security Yearbook 2020 and how it is a survey and history of the industry. We discuss how non-security CEOs fare in the security market, and why non-security companies don't lead in security. And how awesome/nasty an "I Told You So, Security Edition" book would be, how small the cybersecurity industry is, and our favorite security leaders. His book is available here: https://www.amazon.com/dp/1945254041/ref=cm_sw_em_r_mt_dp_U_VwxxEb5J3J4CW We don't have one of thos...
2020-03-03
30 min
Real CyberSecurity
Episode 5 - Backdoors, 5G Backdoors, and ...Intergalactic Slugs?
Backdoors, software assurance, and supply chain are big topics in cybersecurity and related. Backdoors can be intentional or just sloppy design. The concern over manufacturer added backdoors in 5G has been a political and policy issue. Bill and Greg discover a shared love of Vancouver bar bands of the 80s, and Bill plants a Beastie Boys earworm.
2020-02-25
28 min
Real CyberSecurity
Episode 4 - 5G Security - Say 'Gee, That's A Big Security Headache' 5 Times
5G security is a real cybersecurity topic (play on words intended). It's not just a mere upgrade from 4G, like 3G to 4G was. The architecture of wireless communication is changing and driving more and different edge computing - security changes with that new reality. And if that weren't enough buzzword-bingo, IoT security will change, and so will privacy and lawful intercept.
2020-02-18
23 min
Real CyberSecurity
Episode 3 - Cybersecurity Skills Shortage? Or Are We Bad At Peopling
Bill and Greg measure the cybersecurity skills gap and find out that it may be measured in units of Mismanagementograms. Bill seems to know a lot of companies in Southern New Jersey. We give some career tips for anyone looking at getting into cybersecurity. Greg mentions feral donkeys, and rants about automated HR CV filters that filter out qualified candidates. Bill and Greg give shoutouts to unrecognized heroes of ITSecurity who deserve awards. #cybersecurity #hacking #security #crytography
2020-02-12
31 min
Real CyberSecurity
Episode 2 - Everybody Hates Passwords
Bill and Greg are not experts in Identity and Authentication Management (IAM), but they have some opinions. Why "Passwordless Authentication" isn't. The business friction that is created by lazy authentication. We cover why we should start using the approaches of threat facing security for IAM - like the data lake of XDR to spot bad things, why not a similar approach of a bunch of data to spot good people and let them in? Bill discloses his long password.
2020-02-04
24 min
Real CyberSecurity
Episode 1 - Big IoT Japan
Bill just returned from Japan and we discuss whether there are regional differences in cybersecurity. The focus of our talk is IoT, why we are still talking about IoT security, and why the standards efforts around IoT are misplaced. It finishes up with ... gasp.. actionable advice!
2020-02-01
19 min
Real CyberSecurity
Episode 0 - The Real CyberSecurity Podcast Introduction
This is what the Real CyberSecurity Podcast is about. FUD-free analysis of the bigger topics in securing enterprises, with a guarantee of actionable advice in each weekly episode. Hosted by Bill Malik and Greg Young.
2020-02-01
01 min