Showing episodes and shows of
Nisos, Inc.
Shows
Listening With Leaders
238 - Navigating the Complex Landscape of Cyber Threats with Nisos' Ryan LaSalle
Your host, Doug Noll, talks with the CEO of Nisos, Ryan LaSalle. Nisos is a cybersecurity and threat intelligence firm. Ryan recounts his 26-year career at Accenture and his transition to Nisos, emphasizing the company's focus on "managed intelligence" to combat digital threats. He discusses the complexities of cybersecurity, the impact of AI, and the importance of listening and empathy in leadership. Ryan highlights the need for organizations to protect against digital and physical threats and underscores the value of proactive engagement and validation in fostering a resilient organizational culture. To learn more about Ryan's work, click...
2024-08-13
29 min
Category Visionaries
David Etue, CEO of Nisos: $33 Million Raised to Build the Future of Managed Intelligence
Welcome to another episode of Category Visionaries — the show that explores GTM stories from the tech's most innovative B2B founders. In today's episode, we're speaking with David Etue, CEO of Nisos, a managed intelligence platform that has raised $33 Million in funding. Nisos operates at the intersection of cybersecurity and intelligence services, focusing on providing actionable insights to corporate security, cybersecurity, and trust and safety teams. Here are the most interesting points from our conversation: Nisos's Unique Positioning: As a managed intelligence company, Nisos distinguishes itself by converting data into actionable intelligence, addressing the gap...
2023-09-20
28 min
Know Your Adversary™
Democratizing Ransomware as a Service with Nisos Intelligence Advisory Paul Malcomb
In Episode 91 of TheCyber5, we are joined by Paul Malcomb, Intelligence Advisory for Nisos. Paul brings over 15 years of experience from Fortune 500 security teams and the public sector including incident response, threat intelligence, and third-party risk management. In this episode, Paul explains how the ransomware-related ecosystem is evolving and provides insights to some of the newer threats organizations face. Below are the three major takeaways: Ransomware actors no longer need to be end-to-end capable and are now very decentralized: Gone are the days where...
2023-03-28
26 min
the CYBER5
The Top Nisos Investigations Of the Last Seven Years with Nisos Research Principal Vincas Ciziunas
In Episode 89 of TheCyber5, we are joined by Nisos Research Principal, Vincas Ciziunas. It was 7 years ago, at a restaurant in Ashburn, Virginia, when Nisos’ co-founders Justin Zeefe and Landon Winkelvoss met Vincas. At the time, Vincas was working as a contractor for the US government but was considering a pivot into the private sector. It was Vincas’ impressive intellect, strategic thinking, and technical capabilities that made him the ideal intelligence operator on whom to depend for the launch of Nisos. Over the course of several years, Vincas’ experience, as a developer, open threat intelligence analyst...
2023-02-08
27 min
the CYBER5
The Vital Role of Customer Success in Intel Programs with Senior Director of Nisos Brandon Kappus
In Episode 88 of TheCyber5, we are joined by Nisos Senior Director for Customer Success, Brandon Kappus. Here are five topics we discuss in this episode: Intelligence Playbooks Start with Education to the Customer Playbooks should include three major steps. The first step is education on how intelligence is going to be consumed and not be nonstop noise. Discussions between customers and vendors should start around requirements that customers are trying to address with business stakeholders. Understanding Commercially and Publicly Available Data to Avoid Noise The next step in an...
2023-01-24
27 min
The Sommelier
Evie Olson | Level IV Sommelier at Nisos Mediterranean
Evie is a Sommelier with Nisos Mediterranean in Chicago’s West Loop. She started her career as a dancer for the Minnesota Timberwolves, eventually moving into sports broadcasting. However, she didn't want to solely focus on sports and decided to explore other passions. This led her to a gig hosting a wine and spirits segment, despite initially knowing nothing about wine. In order to become more knowledgeable about her subject matter, Evie took a course through the Wine and Spirits Educational Trust (WSET). She found the course to be fascinating and ended up becoming hooked on lea...
2022-12-22
24 min
the CYBER5
Driving Diversity in Cyber Security and Intelligence with BGH Security CEO Tennisha Martin
In episode 82 of The Cyber5, we are joined by guest moderator and senior intelligence analyst for Nisos, Valerie G., and CEO of BGH Security, Tennisha Martin. In this episode, we discuss the challenges and opportunities of promoting and enabling diversity and inclusion in cyber security. Key Takeaways: Showing Impact for Diversity and Inclusion (D&I) within Security Beyond filling cyber security skills gaps, some metrics that show success in D&I include: Jobs Feeling more confident in interviews Recommending minorities for employment opportunities Educate abou...
2022-09-22
18 min
the CYBER5
Digital Transformation and Threat Intelligence Use in the US Public Sector with Former Booz Allen Hamilton Manager Gaurang Shah
In episode 78 of The Cyber5, we are joined by our guest, Gaurang Shah, former senior lead technology manager at Booz Allen Hamilton. We talk about the challenges of digital transformation and cybersecurity in the US federal government. We discuss solutions for bringing innovative technology and bespoke services into the federal space and how to shorten long procurement cycles. We also cover what the federal government can learn from the private sector, including how to shrink the ongoing cyber skills shortage. Four Takeaways: Federal CISOs and CIOs Think Cloud Migrations Will Not Bake in Security ...
2022-07-12
31 min
the CYBER5
Moving a Security Team Beyond IOCs and Positioning for Stronger Outcomes with Senior Manager of Deloitte Eric Lekus
In episode 77 of The Cyber5, we are joined by our guest, Eric Lekus, Senior Manager for Threat Intelligence at Deloitte. Eric delivers for Deloitte’s internal security team and is not a client-facing consultant. We talk about how to evolve cyber threat intelligence in a SOC environment, beyond basic indicators of compromise (IOC) integration. We discuss the different stakeholders a CTI team has beyond a SOC, but also focus on what a CTI team needs to push and pull from a SOC to be relevant for a broader audience. We also outline success metrics for a CTI tea...
2022-07-05
22 min
the CYBER5
Topic: Elevating Private Sector Intelligence through Professionalization with Harvard University's Maria Robson
In episode 76 of The Cyber5, guest moderator and Nisos Director for Product Marketing, Stephen Helm, is joined by our guest, Dr. Maria Robson, the Program Coordinator for the Intelligence Project of the Belfer Center at Harvard University's Kennedy School. We discuss the evolution of intelligence roles in enterprise and the ultimate path for intelligence professionals. We cover ethics in private sector intelligence teams and the role of academia in fostering not only the ethics, but also the professionalization of private sector intelligence positions. Dr. Robson also discusses insights into how proactive intelligence gathering capabilities tend to provide m...
2022-06-28
21 min
the CYBER5
Open Source Intelligence's Role in the National Security and the Broader Public Sector with Grist Mill Exchange's Kristin Wood
In episode 75 of The Cyber5, we are joined by Grist Mill Exchange CEO, Kristin Wood. We discuss open source intelligence (OSINT) use in the U.S. public sector, not only with national security but also with the emergency response sectors. We talk about how open source intelligence has evolved in the last ten years and talk about how adversaries use open source intelligence against us. We also discuss how the U.S. needs to catch up with not only how to operationalize OSINT in meaningful ways, but how the U.S. government can procure bleeding edge technologies...
2022-06-14
31 min
the CYBER5
Evolving the Physical Security and the GSOC with Open Source Intelligence Collection and Analysis with Director of GSOC Operations for the NFL Robert Gummer
In episode 74 of The Cyber5, we are joined by Robert Gummer, the Director of the Global Security Operations Center (GSOC) for the National Football League (NFL). First, we talk about how to expand the mission of a global security operations center (GSOC) using open source intelligence. We talk about the role of vendors in the GSOC ecosystem and how open source intelligence can be aggregated in the case management systems across all facets of a GSOC fusion center. We also talk about how to educate business stakeholders to make them a valuable intelligence consumer. We further discuss h...
2022-06-08
38 min
Know Your Adversary™
Compare and Contrast Saudi Aramco and Colonial Pipeline Cyber Attacks
In Episode 10 of Know Your Adversary™, ICE Miller Managing Partner Guillermo Christensen discusses the difference between the 2012 Saudi Aramco destructive cyber attacks and the 2021 Colonial Pipeline ransomware attacks. In 2012, Iran attacked Saudi Arabia-based Aramco’s information technology (IT) infrastructure, denying service to the entire company to the point that Aramco gave gas away for free. Fast forward to 2021, a Russia-based ransomware gang Darkside attacked the IT infrastructure of Colonial Pipeline, particularly the billing system. When Colonial Pipeline couldn’t determine how to charge customers, instead of giving gas away for free, they shut down the pipelines thus denyin...
2022-06-01
42 min
the CYBER5
Threat Intelligence Usage in API Security and DevSecOps with Snap Finance Chief Security Officer Upendra Mardikar
In episode 73 of The Cyber5, we are joined by Snap Finance Chief Security Officer Upendra Mardikar. We discuss how threat intelligence is used in application programming interface (API) security and development security operations (devsecops). Any organization building an application has data or user-generated content as the primary product. Once connected to customers, consumers, clients, or partners there is a new set of security considerations generated. The API serves as the software intermediary that allows two applications to talk to one another. It's bad enough if an attacker exfiltrates sensitive data, but imagine if they are a...
2022-05-24
34 min
the CYBER5
Integrating Threat Intelligence into an Application Security and Fraud Program with DoorDash’s Patrick Mathieu
In episode 72 of The Cyber5, we are joined by DoorDash Application Security Manager, Patrick Mathieu. We talk about threat intelligence's role within applications security programs, particularly programs focusing on fraud. We discuss the importance of prioritization between what could happen, as often seen in penetration testing, and what is happening, as often seen with threat intelligence. We also talk about the different types of internal and external telemetry that can be used to drive a program and discuss the outcomes that are critical for an application security program to be successful. Three Key Ta...
2022-05-18
28 min
Know Your Adversary™
OneSight Backstage Management System: Attributing a Chinese Marketing Firm’s Tools to Disinformation Campaigns
In Episode 9 of Know Your Adversary™, Nisos researcher Zeshan Aziz revealed that Chinese commercial marketing firm OneSight developed a sophisticated social media management and monitoring system called OneSight Backstage Management System to propagate political disinformation against the Uyghur community. The research indicates the Chinese Communist Party (CCP) likely conducted the campaign. Previous research into a breach of OneSight identified sophisticated social media surveillance tooling was used for widespread disinformation campaigns across many prominent Chinese and U.S. social media platforms. These campaigns targeted political topics, including Uyghur dissidents and anti-COVID19 messaging. While OneSight won legitimate contracts with th...
2022-05-04
31 min
the CYBER5
Building Your Own Intelligence Program within the SOC and Beyond
In episode 71 of The Cyber5, guest Nisos moderator and teammate Matt Brown is joined by security practitioner Matt Nelson. They talk about a recent intelligence blog Matt Nelson wrote about how to operationalize intelligence for the SOC and some outcomes that an incident response team looks for from intelligence. They also talk about how to make intelligence more broadly used for investigations and discuss the intelligence market more holistically. Three Key Takeaways: 1) Threat Intelligence Augments Threat Hunting in the Security Operations Center (SOC) Intelligence requirements are critical throughout the business and...
2022-04-25
26 min
the CYBER5
Holistic Uses of PDNS and BGP Data to Address Intelligence Needs in the Private Sector
In episode 70 of The Cyber5, we are joined by Open Source Context Director of Operations, Donald McCarthy. We discuss external telemetry available to the private sector, focusing on passive domain name systems or passive DNS, and Border Gateway Protocol or BGP. These data sets are critical for threat intelligence teams, as they often provide crucial information on attacker infrastructure for the SOC. Still, they also help solve problems and provide context on a much broader scale. Three Key Takeaways: 1) What is Passive DNS and how is it collected? To simplify, passive...
2022-04-06
39 min
the CYBER5
Future of XDR, SIEM, SOAR, and Threat Intelligence
In episode 69 of The Cyber5, we are joined by Lima Charlie’s CEO, Maxime Lamothe-Brassard. We discuss the future of what's known in the security industry as XDR, which is essentially an enrichment of endpoint detection response products. Three Key Takeaways: 1) What is XDR? Depends who you ask. XDR is not another tool, but merely an extension of Endpoint Detection and Response (EDR) products. Gartner expects 50% of mid-market buyers to adopt XDR strategies by 2027. For context, in around 2010, cybersecurity vendors started driving stronger antivirus solutions for endpoint computers and servers, called Endpo...
2022-03-29
31 min
the CYBER5
Enterprise Stakeholder Management and the Use of Threat Intelligence
In episode 68 of The Cyber5, we are joined by Executive Director and Head of Global Threat Intelligence for Morgan Stanley, Valentina Soria. We discuss leading a large-scale threat intelligence program in the financial institution space and how to make intelligence absorbable by multiple consumers. We also talk about how intelligence teams can build processes and technology at scale to increase investment costs to criminals. Finally, we touch on large enterprises being a value-add to small and medium-sized businesses. Two Key Takeaways: 1) Intelligence is Valued Differently By Different Stak...
2022-03-22
27 min
the CYBER5
Value of Securing Containers in the Technology Supply Chain with Security Practitioner Julie Tsai
Topic: Value of Securing Containers in the Technology Supply Chain In episode 67 of The Cyber5, we are joined by senior security practitioner Julie Tsai. We discuss security and intelligence in modern-day technology platforms, concentrating on how to secure the impact that container and cloud environments have on the technology supply chain. Compliance and intelligence play a critical role in the application and development of supply chain risk. Specifically, when developers perform code commits and updates, we discuss the criticality of intelligence and compliance to ensure code is truthful, accurate, and complete. Thr...
2022-03-01
27 min
the CYBER5
Building a Security Team to the Business And Using Intelligence to Inform the Proper Risk Strategy with H&R Block CISO Josh Brown
In episode 66 of The Cyber5, we are joined by H&R Block Chief Information Security Officer (CISO) Josh Brown. In this episode we discuss the importance in building an informed security team that can collect intelligence and proper risk strategy. We have a frank conversation about what the business of security means and how to develop a team that understands multiple business lines so a security team is anchoring their security strategy to how the company is driving revenue. We talk through how to do this at scale within the intelligence discipline that touches many lines of ris...
2022-02-24
37 min
Know Your Adversary™
Human Intelligence Recruitment of an Employee to Deploy Ransomware
In Episode 8 of Know Your Adversary™, we detail an August 2020 investigation when a Russian gang member named Egor Igorevich Kriuchkov traveled to the United States to recruit an employee of a US-based manufacturing company and to install ransomware on the network via USB thumb drive. He offered the employee $500,000, and if the operation was successful, the Russian gang was going to extort the company for $5,000,000. Fortunately, the company prepared the employee for this type of scenario and reported Egor. A subsequent FBI investigation arrested Egor and deported him back to Moscow, since there was a minimal loss....
2022-02-15
30 min
the CYBER5
Brand and Reputation Intelligence: Open Source Intelligence That Drives Revenue Generation But Protects the Brand with Vizsense's Jon Iadonisi
In episode 65 of The Cyber5, we are joined by Jon Iadonisi, CEO and Co-Founder of VizSense. Many people think of open-source intelligence (OSINT) as identifying and mitigating threats for the security team. In this episode, we explore how OSINT is used to drive revenue. We talk about the role social media and OSINT play in marketing campaigns, particularly around brand awareness, brand reputation, go-to-market (GTM) strategy, and overall revenue generation. We also discuss what marketing and security teams can learn from OSINT intelligence tradecraft, particularly when there are threats to the brand's reputation. Four Key Takeaways: 1) Even in Marketing...
2022-02-02
32 min
the CYBER5
Building an Intelligence Program to Protect Executives with Okta Senior Intelligence Analyst John Marshall
In episode 64 of The Cyber5, we are again joined by John Marshall, Senior Intelligence Analyst at Okta. We discuss building a threat intelligence program to protect executives, particularly on nuances of being a “solution-side security company”. We discuss a risk-based approach for protecting executives and the data that's important to aggregate and analyze. We also talk about success metrics for intelligence analysis when building an executive protection program. Three Key Takeaways: Plans, Actions, and Milestones Regardless of industry, connecting with your executive team on a personal level to estab...
2022-01-25
22 min
the CYBER5
Defining Metrics for Attribution in Cyber Threat Intelligence and Investigations with Head of Global Cyber Threat Intelligence for Equinix Sean O'Connor
In episode 63 of The Cyber5, we are again joined by Sean O’Connor, Head of Global Cyber Threat Intelligence for Equinix. We discuss attribution in the cyber threat intelligence and investigation space, and what the private sector can learn from public sector intelligence programs. We also discuss different levels of attribution, the outcomes, and the disruption campaigns that are needed to make an impact on cybercriminals around the world. We define the impact of attribution with different stakeholders throughout the business and how the intelligence discipline will likely evolve over the next five to 10 years.
2022-01-19
31 min
the CYBER5
Introduction to Cryptocurrency Investigations with Blackhand Solutions Founder and CEO Charles Finfrock
In episode 62 of The Cyber5, we are again joined by Charles Finfrock, CEO and Founder of Black Hand Solutions. Charles was previously the Senior Manager of Insider Threat and Investigations at Tesla and prior to that, he worked as an Operations Officer for the Central Intelligence Agency. We discuss the generalities of cryptocurrency and go into the tactics, techniques, and procedures for conducting cryptocurrency investigations. We also discuss some case studies and what proper outcomes look like for making it more expensive for the adversaries to conduct their operations in this generally unregulated world. Three K...
2022-01-03
29 min
the CYBER5
Combating Account Takeovers and Fraudulent Websites at Scale for SMB by Allure Security CEO Josh Shaul
In episode 61 of The Cyber5, we are joined by Josh Shaul, CEO of Allure Security. We discuss cybersecurity and account takeovers. We focus on the lifecycle of an account takeover, how to permanently solve it, and how to show a clear return on investment to small business owners. We also talk about how to impede attackers by making their efforts more costly and difficult. Four Key Takeaways: 1) Account Takeovers An account takeover is a form of identity theft and fraud, where a malicious third party successfully gains acces...
2021-12-15
38 min
Know Your Adversary™
Investigating the T-Mobile Hack: Direct Threat Actor Engagement with John Binns
In Episode 7 of Know Your Adversary™, we detail the August 2021 compromise disclosure of T-Mobile. A typical compromise of a sophisticated production network starts with an unwitting employee executing malware on their device. The threat actor then spends significant time moving laterally from the corporate network to the production network. However, in August 2021, John Binns, a US Citizen living in Turkey, disclosed that he compromised T-Mobile customer data by directly accessing the T-Mobile production network. While he initially stated his motivations were in response to physical abuse by nation-state governments, further investigation indicated that Binns was driven primarily by...
2021-12-07
22 min
the CYBER5
Combating Terrorist Messaging on the Open Internet with Director of Technology at the Global Internet Forum to Counter Terrorism (GIF-CT) Tom Thorley
In episode 60 of The Cyber5, we are joined by Tom Thorley, the Director of Technology at the Global Internet Forum to Counter Terrorism (GIF-CT). We discuss the mission of GIF-CT and how it's evolved over the last five years, with particular interest on violent terrorist messaging across different social media platforms. We also discuss the technical approaches to countering terrorism between platforms and how their organization accounts for human rights while conducting their mission. Four Key Takeaways: 1) The Evolving Mission of GIF-CT GIF-CT combats terrorist messaging on digital platforms and is par...
2021-11-09
31 min
the CYBER5
The Business of Security: Positively Influencing Profit and Loss with Active Security Compliance Practitioner Dylan McKnight
In episode 59 of The Cyber5, we are joined by active security compliance practitioner, Dylan McKnight. We discuss the business of security. We unpacked how security can be effective at driving profitability and not just be a cost center toward an organization. We discuss how compliance measures can drive meaningful metrics around profitability and avoiding breaches. And finally, we talk about where threat intelligence provides the proper risk-based approach for security teams in this process. Five Key Takeaways: 1) Making “Security” Be Seen as More than Just a “Cost Center” Prioritize external-facing business leaders a...
2021-11-01
23 min
WHY-NI?
WHY - NI: Magen Gicinto & Robert Raines - NISOS
Today we met with Magen Gicinto (Director of People and Strategy) and Robert Raines (VP of Engineering) from NISOS. NISOS are the Managed Intelligence company. Their services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. Having set up their first Technology arm to the company in April 2021 in Belfast, NISOS have since been working with Enso Recruitment as their exclusive recruitment partner and have successfully hired a team of talented and forward thinking engineers and product leaders to help bring their technology ideas to life.
2021-10-27
29 min
the CYBER5
Tips on Recruiting and Retaining Cybersecurity Talent with Director People Strategy and Culture for Nisos Magen Gicinto
In episode 58 of The Cyber5, we are joined by Magen Gicinto, Director People Strategy and Culture for Nisos. We discuss the “Great Resignation” that's happening in the work environment during the COVID pandemic and how to realign your “people strategy” to recruit and retain the best talent in spite of those challenges. We address the aspects of recruiting and retaining the best talent and how to calibrate total rewards in consideration of employees’ ever-changing motivations. Finally, we cover the nature of startup culture in the technology sector and the convergence of generalists and specialists in high performance organizations...
2021-10-25
23 min
the CYBER5
Evolution of Incident Response Playbooks in the Last Five Years with Colby Clark, Director for Cyber Threat Management
In episode 57 of The Cyber5, we are joined by Colby Clark, Director for Cyber Threat Management. He’s also the author of the recently published book, The Cyber Security Incident Management Master’s Guide. We baseline incident response playbooks around customer environment, threat, landscape, regulatory environment, and security controls. Afterward, we discuss how incident response (IR) playbooks have evolved in the last five years and how they have scaled in the cloud. We discuss telemetry that is critical to ensure an IR team can say with confidence that an incident is accurate, complete and truthful in order to avoi...
2021-10-05
28 min
the CYBER5
Use of Intelligence for Corporate Security Programs with Executive Vice President for Allied Universal Ray O'Hara
In episode 56 of The Cyber5, we are joined by Ray O’Hara, Executive Vice President for Allied Universal. We discuss the use of intelligence for corporate security programs, usually overseen by a Chief Security Officer (CSO). We talk about some of the challenges this role faces and how intelligence can be actionable to mitigate those risks. We also work through various case studies, talk about metrics for success, and what technology platforms are used to aggregate intelligence that might be useful in the future. Four Topics Covered in this Episode: Role Shift for Chief Se...
2021-09-29
25 min
the CYBER5
Evaluating the Conundrums of OT Security in the Energy and ONG Industries with CISO Nathan Singleton
In episode 55 of The Cyber5, we are joined by Nate Singleton, a security practitioner who was most recently the Director of IT, Governance, and Incident Response at Helmerich and Payne. We discussed the conundrums of operational technology security within gas and energy sectors, including risks downstream and upstream. We also compared the aggressive and constant need for interconnectivity on the information operation technology sides of the house to show that events like the Colonial Pipeline ransomware attack are probably just the beginning of future attacks against critical infrastructure. We also discussed what more ma...
2021-09-21
30 min
the CYBER5
Personal Information Exposure Can Lead to Disaster with Piiq Media’s Chief Technology Officer Aaron Barr
In episode 54 of The Cyber5, we are joined by Aaron Barr, Piiq Media’s Chief Technology Officer. We discuss how data breaches are combined with other open source information to paint a more holistic target profile for bad actors. We also discussed the true information anchors and weaponization that can lead to an online attack against someone. Finally, we discussed what executives and individuals can do to protect themselves and how protective intelligence is playing a greater role in physical security. Four Topics Covered in this Episode: Common Information Anchors Used to Attack Someone On...
2021-09-07
21 min
Know Your Adversary™
Supply Chain Attacks Escalation and Evolution by Foreign Nation States
In Episode 6 of Know Your Adversary™, we detail a previous supply chain attack from 2007 and then again in 2015 against a security software company. Foreign nation state adversaries conducted detailed reconnaissance and knew when a router was going to be rebooted for maintenance updates. Upon rebooting the router, the attackers “slipped through the crack” and into the software provider’s network by exploiting a vulnerability of the router model. This gave them a foothold into the software provider’s environment. The attackers then attempted to escalate to compromise the certificate authorities potentially to go upstream and compromise the software provider’s customers...
2021-08-31
38 min
the CYBER5
Thinking about Cybersecurity Challenges in the Geopolitical and World Economic Context with the former Director General for Cybersecurity of GCHQ Ciaran Martin
In episode 53 of The Cyber5, we are joined by Ciaran Martin, the former United Kingdom National Cybersecurity Center CEO and former Director General for Cybersecurity of GCHQ. He’s currently a professor at the University of Oxford and a strategic advisor for Paladin Capital. We discuss the political, legal, and ethical challenges of today's ransomware threats and the corresponding nation state challenges of Russia, China, and Iran. We also discuss what the U.S. and global economies can do to reduce these threats and how the financial industry can assist in a greater capacity. Four Top...
2021-08-23
25 min
the CYBER5
Evolution of Nisos Over the Last Six Years from the Operators with Nisos Managing and Technical Principals Robert Volkert and Travis Peska
In episode 52 of The Cyber5, we are joined by Nisos Managing and Technical Principals Robert Volkert and Travis Peska who lead operations within the Pandion Intelligence team. We talk about the evolution of Nisos over the past six years, including how we now position ourselves within the private sector threat intelligence market under our new Chief Executive Officer, David Etue. Our managed intelligence mission combines open-source intelligence analysis, technical cyber security investigative tradecraft, and data engineering to solve enterprise threats around cyber security, trust and safety platforms, reputation, fraud, third party risk, and executive protection. We...
2021-08-10
31 min
the CYBER5
Building and Implementing Security Programs within Fast Growing Technology Companies with Chief Information Security Officer for CrossBeam Chris Castaldo
In episode 51 of The Cyber5, we are joined by Chris Castaldo. Chris is the Chief Information Security Officer for CrossBeam and has been CISO for a number of emerging technology companies. In this episode, we talk about his newly released book, “Startup Secure” and how different growth companies can implement security at different funding stages. He also talks about the reasons security professionals should want to be a start-up CISO at a growing technology company and how success can be defined as a first time CISO. We also talk about how start up companies can avoid ransomware event...
2021-08-03
27 min
the CYBER5
Intelligence Management: Translating Biden’s Executive Order for Public and Private Enterprise with Chief Cybersecurity Advisor, Public Sector at Splunk Paul Kurtz
In episode 50 of The Cyber5, we are joined by Paul Kurtz. Paul’s career includes serving as Director of Counter-Terrorism, Senior Director for Cyber Security, and Special Assistant to the President of the United States for Critical Infrastructure Protection. He was previously the CEO of Threat Intelligence Platform TruSTAR and is now the Chief Cybersecurity Advisor, Public Sector at Splunk. In this episode, we discuss the Biden Administration’s executive order for cybersecurity and how it impacts the public and private sector in relation to intelligence management. We also talk about an inside-out network approach and the criti...
2021-07-26
24 min
the CYBER5
Building a Security Program for a Fast Growth Technology Company with Senior Director and Chief Information Security Officer at ServiceTitan Cassio Goldschmidt
In episode 49 of The Cyber5, we are joined by Cassio Goldschmidt. Cassio is Senior Director and Chief Information Security Officer at ServiceTitan. We discuss building a security company in late stage tech startups, including what to prioritize when starting a security program. While tech startups have a mantra of “move fast and break things,” Cassio talks about how a security program should enable business and adapt to the culture. He also discussed the pitfalls to avoid when starting a program like this. 4 Topics Covered in this Episode: Reasons a Business Starts a Security Program: It’s criti...
2021-07-06
25 min
Know Your Adversary™
Nisos Attributes and Unmasks Insider Threat Saboteurs Who Caused $1M in Business Loss
In Episode 5 of Know Your Adversary™, we discuss a 2018 Nisos insider threat investigation of network sabotage that caused almost $1,000,000 in business operations loss. Following a recent merger and acquisition transaction, IT engineers of the newly acquired subsidiary were upset with their new roles. They were also disgruntled over the fact that the parent company refused to integrate with their open source and cloud infrastructure. They decided to resign (one unbeknownst to the parent company), sabotage the core subsidiary routers, delete all activity of their wrongdoing, and actively conspire to steer the investigation away from their actions while accepting new em...
2021-06-29
38 min
the CYBER5
Using Intelligence Analysis in InfoSec: Think Globally and Act Locally with VP of Information Security at Centene Corporation Rick Doten
In episode 48 of The Cyber5, we are joined by Rick Doten. Rick is VP of Information Security at Centene Corporation and consults as CISO for Carolina Complete Health. We discuss shifting the operating model of threat hunting and intelligence to a more collaborative model, “think globally and act locally.” We then dive deep into the intelligence analysis for collecting and analyzing the vast array of network data to prioritize network protection. Finally, Rick makes an argument for the outsourcing of an intelligence function as a viable mode...
2021-06-14
31 min
the CYBER5
Security Enabling the Business during Periods of Fast Growth with Chief Information Security Officer at MongoDB Lena Smart
In episode 47 of The Cyber5, we are joined by Lena Smart. Lena is the Chief Information Security Officer at MongoDB. We discuss how security can be an enabler of a business during fast periods of growth. We review how different departments can set up their own applications without needing an arduous approval process. We also discuss different cultures in departments and best practices for assessing vendor risk. 4 Topics Covered in this Episode: Avoiding Shadow IT and Enabling the Business: (01:47 - 06:00) In big organizations, “shadow IT” refers to information technology systems deployed by departments other than the c...
2021-06-07
17 min
Know Your Adversary™
Attribution to Russian GRU for 2015 and 2016 Cyber Attacks on Ukraine Energy Power Stations with Gigamon Senior Manager Joe Slowik
In Episode 4 of Know Your Adversary, we are joined by Gigamon Senior Manager Joe Slowik. Our discussion takes a look into the world of Russian nation-state hacking units, particularly the GRU and the SVR. We take a deep dive into the 2015 and 2016 cyber attacks against the Ukrainian power grid and review how Russia’s capabilities are increasing in sophistication, mainly through lateral hand-offs between the teams of hackers operating in IT and OT environments. We discuss the technical details of such operations and how enterprises can better defend themselves while considering the geopolitical ramifications, mainly that GRU tends to bl...
2021-05-25
36 min
the CYBER5
Navigating the Complex Challenges of Trust and Safety Teams with Trust and Safety Professional Association Executive Director Charlotte Willner
In episode 46 of The Cyber5, we are joined by Charlotte Willner. Charlotte is the Executive Director of the Trust and Safety Professional Association. We will define what trust and safety means within organizations and how it differs from traditional cyber and physical security. We’ll focus on fraud and abuse of user-generated content on platforms and marketplaces of technology companies. Finally, we’ll discuss how security professionals can grow a career in trust and safety. 5 Topics Covered in this Episode: Defining Trust and Safety: (02:20 - 04:30) Trust and safety emerged from different disciplines within technology companies, inclu...
2021-05-18
20 min
the CYBER5
Different Motivations Between Espionage and Crime Actors with Head of R&D for Verizon's Threat Research Advisory Center John Grim
In episode 45 of The Cyber5, we are joined by John Grim. John is the head of research, development, and innovation for Verizon’s Threat Research Advisory Center. In this episode, we discuss the differences between threat actors who engage in cybercrime and those who are nation state espionage actors. We explore their motivations around computer network exploitation and how threat models on these actors need to adapt to enterprise security and IT. 5 Topics Covered in this Episode: 1. Motivations of Cyber Crime versus Espionage Actors: (01:30 - 08:00) According to a study conducted by Verizon in lat...
2021-05-11
27 min
the CYBER5
Automating Cyber Threat Intelligence 101 with Security Engineer and Architect for Marqeta and Hack Valley Studio Host Ronald Eddings
In episode 44 of The Cyber5, we are joined by Ronald Eddings. Ron is a Security Engineer and Architect for Marqeta and host of the Hack Valley Studio podcast; his work as a cybersecurity expert and blogger has earned him a reputation as a trusted industry leader. In this episode, we discuss the fundamentals of automating threat intelligence. We focus on the automation and analysis of forensic artifacts such as indicators of compromise and actual attacker behaviors within an environment. We also discuss metrics that matter when the objective is to show progress for a security engineering program. 5 Topics Covered in this E...
2021-04-26
18 min
Know Your Adversary™
Identifying and Disrupting Malicious Bot Programmers and Security Researchers with CISO Shawn Valle
In Episode 3 of Know Your Adversary™ we are joined by Shawn Valle, former Chief Information Security Officer at Rapid7. Our discussion takes a look into the world of online platform abuse and fraud. Shawn tells us about two major threats he faced prior to taking on his current role. Each of those threats warranted different levels of attribution. In the first case, he was faced with bot programmers who abused the platform to “cut in the digital line” when major retailers were having online sales. In the second case, he was faced with a security researcher who compromised a third-p...
2021-04-18
31 min
the CYBER5
Mastercard’s Cybersecurity Strategy to Secure the Digital Ecosystem with Director of Cyber & Intelligence Solutions for Europe at Mastercard Steve Brown
In episode 43 of The Cyber5, we are joined by Steve Brown, Director of Cyber & Intelligence Solutions for Europe at Mastercard. Steve discusses the key aspects of cyber defense learned while working international cyber crime investigations with the United Kingdom’s National Crime Agency. He will discuss the proven approach of prevent, protect, prepare, and pursue. We will also discuss the role Mastercard is taking in fighting cyber criminals, key aspects of adversary attribution, and how the public and private sector can forge better partnerships to combat cyber crime. 5 Topics Covered in this Episode: 1) Four P App...
2021-04-09
27 min
the CYBER5
Building an Enterprise Intelligence Program by Senior Director of Cyber Intelligence Strategy at Anomali A.J. Nash
In episode 42 of The Cyber5, we are joined by A.J. Nash, Senior Director of Cyber Intelligence Strategy at Anomali. A.J. discusses the steps and key components of building an enterprise intelligence program. Among the topics covered are frameworks, roles and responsibilities, critical skill sets, and metrics. 5 Topics Covered in this Episode: 1. Defining the Requirements with Key Stakeholders: Defining the intelligence requirements necessary to ensure the success of business stakeholders should always be step one. Sales, marketing, engineering, customer success, information technology, legal, and human resources will have different requirements. The security o...
2021-03-26
23 min
Know Your Adversary™
Selling Backdoor Access to a Managed Service Provider
In Episode 2 of Know Your Adversary™, we discuss an attempted compromise of a managed service provider (MSP) by a disgruntled former employee who tried to sell backdoor access on the dark web. Our guest is former Senior FBI Computer Scientist and current VP of Threat Hunting & Counterintelligence at Binary Defense, Randy Pargman. In 2019, Binary Defense engaged with an actor selling backdoor, unauthorized, and illegal access to an MSP in the eastern United States. The MSP provided outsourced IT functions for many companies, and a compromise of their systems would have a major impact on hundreds of their cli...
2021-03-24
30 min
the CYBER5
Scaling a Cyber Fusion Center Using Threat Intelligence with Cliff Webster, Director of Cyber Defense Integration at Thomson Reuters
In episode 41 of the Cyber5, we are joined by Director of Cyber Defense Integration at Thomson Reuters, Cliff Webster. Cliff discusses the building and scaling of cyber fusion centers and their integral part in reducing risk to all facets of the business. Here are the 5 Topics We Cover in this Episode: Differentiating a Cyber Fusion Center over a Security Operations Team: (01:59-07:16) A cyber fusion center (CFC) is an evolution of the traditional security operations center (SOC). A SOC is mostly focused on reactive activities such as detection and incident response around detected...
2021-03-13
36 min
the CYBER5
Forensic Cyberpsychology: How Anonymity Normalizes the Abnormal with Professor Mary Aiken, Ph.D.
In episode 40 of the Cyber5, we are joined by Professor of Cyber Psychology and former Producer of CSI Cyber, Mary Aiken. Mary discusses the psychology of online behavior, particularly with regard to social media and how it plays a critical role leading to extremist ideology. Here are the 5 Topics We Cover in this Episode: Defining Cyber Psychology as it Relates to Cyber Space: (01:00-05:52) Cyber psychology is the study of the impact of technology on human behavior. We maintain that human behavior can fundamentally change or mutate in cyber context. Key constructs include ODE, or the...
2021-03-01
22 min
Know Your Adversary™
The Attribution, Arrest, and Sentencing of SpyEye Malware Developers Alexander Panin and Hamza Bendelladj
In episode 1 of the Know Your Adversary™ Podcast, we are joined by Mark Ray, former FBI Special Agent; Kamal Ghali, former Assistant US Attorney and current partner at Bondurant, Mixon & Elmore; and Willis McDonald, former FBI Forensics Expert and current Technical Principal at Nisos. We discuss one of the most famous cyber criminal cases of the 21st century, the attribution and takedown of SpyEye malware developer Alexander Panin and his primary facilitator Hamza Bendelladj. SpyEye was commodity malware that was sold on dark web marketplaces beginning in 2009. The malware was a program that ran on numerous browsers and operating syst...
2021-02-17
25 min
Know Your Adversary™
Introduction to Know Your Adversary™ with Nisos Co-Founder Landon Winkelvoss
Welcome to the podcast series, “Know Your Adversary™”. In this podcast series, we will show you how organizations can achieve attribution, unmask adversaries, and understand the context of threats against their enterprise. Nisos will share investigative stories revolving around trust and safety, adversary attribution, supply chain risk, executive protection, disinformation, brand protection, fraud, and cyber threat intelligence. Thank you and stay tuned for our first episode, which will be the attribution of the well-known SpyEye malware developers.
2021-02-16
00 min
the CYBER5
External Threat Hunting & Active Defense by Director of Adversary Management & Threat Intelligence at Intuit Shannon Lietz
In episode 39 of the Cyber5, we are joined by Director of Adversary Management & Threat Intelligence at Intuit Shannon Lietz. Shannon discusses external threat hunting and an enterprise practitioner’s perspective of active defense. Here are the 5 Topics We Cover in This Episode: 1. Defining Active Defense and External Threat Hunting: (01:34-02:51) We start with a proper definition of active defense and external threat hunting. While both terms are often misunderstood, an appropriate definition is the deep understanding of adversaries and the company’s capabilities to defend from outside the firewall looking in. 2...
2021-02-10
16 min
the CYBER5
Digital Identity Reduction for Executive Protection by Nisos Director Seth Arthur
In episode 38 of the Cyber5, we are joined by Director at Nisos Seth Arthur. Seth discusses digital identity reduction, a methodology for removing online personally identifiable information (PII). Outline: We start by discussing what "doxxing" means and how seriously enterprises take such threats, particularly when executives are identified by malicious actors. Analyzing the threat, reviewing the digital footprint, and attributing the actor(s) are common workflows for digital executive protection. (01:00-04:12) We then get into a discussion of how PII proliferates online and what can be done to reduce online footprints every...
2021-01-20
12 min
the CYBER5
Exploring the Intelligence Differentiator: The Nisos Dogpile with Nisos Managing Principal Jared Hudson
In episode 37 of the Cyber5, we are joined by Nisos Managing Principal Jared Hudson. Jared discusses the managed intelligence differentiator known as “The Nisos Dogpile,” a collaborative, investigative methodology that combines a wide range of skillsets, data, and technology. This unique approach enables Nisos operators, in partnership with enterprise clients, to rapidly solve security problems (01:38-05:00). We also talk about the technical data, data engineering, and data science, that we fuse with world-class analysis to solve investigations and address third-party risk (05:00-07:40). We provide details on real-world investigations of fraud, disinformation/brand reputation, cyber threat intelligence, trust...
2021-01-07
25 min
the CYBER5
Attributes of a Robust Third Party Risk Management Program by CISO of Caterpillar Financial Ross Young
Episode 36 of the podcast covers the attributes of a robust third-party risk management program including how to use threat intelligence to inform actionable outcomes with third parties. Q1 (01:25) Within your threats and safeguards matrix, you identify vendor and partner data as a major threat. How do you rank order each vendor and what are risk factors of vendors you assess? Q2 (05:33) How does cyber threat intelligence play a factor? Q3 (06:44) What are the critical, actionable outcomes you are looking for with threat intelligence as it pertains to TPRM? Q4 (11:15) Are you using threat intelligence to inform other threats...
2020-12-17
18 min
the CYBER5
Creation, Maintenance, and Ethics of Sock Puppet Accounts (Online Personas) with Open Source Intelligence Researcher Micah Hoffman
Episode 35 of the podcast covers the creation, maintenance, and ethics of sock puppet accounts (online personas) and how enterprises can use them to solve numerous business problems. Question 1: (01:35) What are best practices for growing your connections, follows, or friends on sock puppet accounts? Question 2: (04:10) With the widespread tracking and analytics conducted by social media companies, how do you prevent cross contamination on your sock puppets from your legitimate social media? Question 3: (06:00) What are some appropriate operational security measures that are important in creating sock puppets to ensure they are backstopped? Question 4: (10:02) What are some ethical and legal considerations t...
2020-12-10
21 min
the CYBER5
Defending Against Chinese State-Sponsored Espionage Efforts with Nisos Technical Principal Willis McDonald
Episode 34 of the podcast covers how enterprises can defend against Chinese state-sponsored espionage efforts to steal intellectual property. Q1 (01:00) What are the computer network exploitation and insider threat TTPs you've seen throughout your career to steal intellectual property on the part of the Chinese government? Q2 (04:09) What are some investigative examples of each? Q3 (09:35) What can companies do to protect themselves? What are the monitoring mechanisms that are critical to detecting a breach? Q4 (13:51) What are the critical monitoring mechanisms to put in place on insider threat? Q5 (16:15) If you we...
2020-12-02
19 min
the CYBER5
Defending a Cloud-Based Enterprise with a Remote Workforce with Head of Security at Zapier Attila Török
Episode 33 of the podcast covers defending a cloud-based enterprise with a remote workforce. Q1 (01:44) What are the threats that worry you the most? Are you more worried about developer misconfigurations and inadvertent leaks than an endpoint being compromised? Q2 (04:29) What are the controls you put in place that are the most cost-effective? So much is talked about defending a remote workforce; what strategies have you put in place? Q3 (13:10) Is logging at scale or even network segmentation even rational for small to mid-sized companies, especially ones that are in the cloud? If so, wha...
2020-11-18
25 min
the CYBER5
Consuming Intelligence to Assess Exposure and Pricing for Cyber Insurance Coverage
Episode 32 of the podcast covers how intelligence can be used to assess exposure and pricing risk for cyber insurance coverage. Q1 (01:13) What are the challenges for exposure and pricing risk as they pertain to cyber insurance coverage? Q2 (06:45) What questions are best to help understand exposure risk and pricing risk? Q3 (10:45) How can security stack maturity help underwriters understand and price the risk? Q4 (15:30) How can the disciplines around the intelligence cycle (plan, collect, process, analyze, disseminate) be helpful to underwriters? Q5 (18:22) How do you communicate these same disciplines to a...
2020-11-11
21 min
the CYBER5
Legal Options for Disinformation and Deepfakes with WilmerHale Counsel Matthew Ferraro
Episode 31 of the podcast covers legal options for disinformation and deepfakes. Q1 (01:06): On Twitter, LeBron James mentioned that he is trying to figure out what his legal options are. What do you tell him? Q2 (06:27): We’ve heard many cases of deepfakes in the business setting. What are practical measures companies and individuals can take to avoid being victims? Q3 (07:40): What are the motivations of the attackers? Q4 (14:06): Is legislation on track to help? Q5 (20:35): What are other possible solutions to these problems—from technology to detect deepfakes, to how t...
2020-11-04
27 min
the CYBER5
State of the Cyber Threat Intelligence Industry with Chief Research Analyst at IT-Harvest Richard Stiennon
Episode 30 of the podcast covers current trends of the cyber threat intelligence industry. Q1: (01:21) From your cyber threat intelligence research, what were the primary categories of CTI vendors? Q2: (04:30) You classified 13 TIP vendors and 34 solution vendors. As you know, many research firms often have stated that CTI vendors often have much different access and therefore it's not uncommon for large enterprise to have numerous data feeds or solution vendors as you describe. Are you seeing a balloon effect from too many solution vendors? Is it becoming too much noise? Q3: (08:02) You indicate the growth of some companies in y...
2020-10-29
18 min
the CYBER5
Building a Threat Intelligence Program in the Finance Industry with American Century Investments CISO Aaron Weissenfluh
Episode 29 of the podcast covers the strategy of building a cyber threat intelligence program in the financial industry. Q1: (03:05) What are the business impacts that make a difference to the C-Suite and BoD regarding a Threat Intelligence Program? What considerations to the business should the finance industry consider before spending on a threat intelligence program? Q2: (04:00) What aspects of security programs need to be in place to make a threat intelligence program actionable? Q3: (06:26) How did you go about building out a threat intelligence program in the past? Q4: (13:17) What threats e...
2020-10-22
23 min
the CYBER5
Directors and Officers View of Mission-Critical Privacy and Cybersecurity Issues with Reed Smith LLP Partner Gerard Stegmaier
Episode 28 of the podcast covers a director's and officer's view of mission-critical privacy and cyber security issues. Q1. (03:13) What are the NACD’s guiding principles for effective cyber-risk oversight? Do boards actually follow these principles? Q2. (08:50) With regard to governance and cyber risk management frameworks, when a cyber incident occurs, what are companies doing right and wrong in addressing this interplay? Q3. (12:57) What role do these principles play with D&O insurance? Q4. (16:16) How detailed have you seen board rooms get on how to classify risks? Q5. (21:13) Understanding that security incidents are inevitable, how do you advise clients to w...
2020-10-15
27 min
the CYBER5
Defining Selectors in the World of Digital Crime with Nisos Teammates Adam Gayde, Robert Raines, and Matthew Brock
Episode 27 of the podcast covers important attributes and characteristics of selectors critical to investigating digital crime, including data engineering considerations that facilitate quicker and more accurate analytical assessments. (00:40) Question 1: In the world of digital crime, what do you define as a selector? (08:02) Question 2: What is the importance of these selectors from an analytical perspective? What are the properties and values of various kinds of selectors? (11:38) Question 3: How do you grade the value of a selector and what are some investigative use cases? (18:56) Question 4: From a data engineering perspective, how should we think about aggregating data that allows analysts to...
2020-10-08
38 min
the CYBER5
Appropriate Security Tools and Log Aggregation at Scale For Medium Size Enterprise with Cboe Global Markets Security Manager Jan Grzymala-Busse
Episode 26 of the podcast covers important tools that give security teams a fighting chance to catch bad actors in the environment before they’ve met their collection and compromise objectives. (01:07) Question 1: Organizations are never as well resourced as adversaries. What are the technical tactics that really underpin everything that advanced adversaries do in a network environment? (Gain foothold, lateral movement, etc.; see MITRE ATT&CK, for example.) (02:13) Question 2: What is your general guidance for being lean in cyber security defense that gives an advantage for security teams over well-resourced adversaries? Sub question: Some say that organizations with limited reso...
2020-10-01
14 min
the CYBER5
Cybersecurity Blocking, Tackling, and Intelligence Use for Medium Enterprise with Logix CTO Shane Schilling
Episode 25 of the podcast covers important blocking and tackling steps to take in information security for smaller mid-sized organizations, and where threat intelligence can be applied in a focused manner. (01:22) Question 1: Being in the telco space, there is an infinite amount of resources that large companies have at their disposal. What are the primary disciplines or categories you’ve used to define blocking and tackling for small enterprise? (03:15) Question 2: What tools and logging are critical for you to maintain in the case of an incident and how do you weigh the risk vs cost? (05:10) Question 3: What kind of...
2020-09-24
13 min
the CYBER5
How Much Intelligence Does a CISO Need? by Threat Researcher Jamie Kane
Episode 24 of the podcast covers common outcomes with cyber threat intelligence and some common pitfalls with implementation. (00:50) Question 1: When talking with CISOs, what is the right narrative for clients in terms of investing in intelligence? (01:39) Question 2: What are some common risk-based outcomes you try and contextualize for CISOs? What actions can be taken from those? (06:05) Question 3: When you are talking to a CISO, and they have their budget front of mind, where do you tell them to spend in threat intelligence? What intelligence delusions do you see in this space? (10:00) Question 4: When dealing with threat intelligence platforms...
2020-09-17
19 min
the CYBER5
Using Automation for Stronger Cyber Threat Intelligence, Red Team, and Blue Team Collaboration with Scythe CTO Jorge Orchilles
Episode 23 of the podcast covers automation for stronger cyber threat intelligence, red team, and blue team collaboration. (01:25) Question 1) Explain the difference between attack simulation techniques and MITRE ATT&CK techniques and elaborate what is more useful for a blue team. (03:04) Question 2) Is an attack simulation more useful to a blue team than threat intelligence? (06:27) Question 3) In your opinion, should MITRE ATT&CK start incorporating red team techniques into their framework(s)? Why or why not? (07:56) Question 4) What's a role automation can play to better remediate between numerous stakeholders following a red team? What are some of the challenges...
2020-09-10
22 min
the CYBER5
Ransomware Negotiations, Threat Intelligence, and Risk Management with Crypsis Group Vice President Art Ehuan
Episode 22 of the podcast covers ransomware negotiations, threat intelligence, and the role risk management plays in corporate enterprise following ransomware events. (01:22) Question 1: What are the defendable conclusions that companies can use with legal counsel that avoid disclosures after ransomware events? Secondly, what are some details behind the uptick in public release requests? (04:55) Question 2: Describe the details behind ransomware negotiations. (07:03) Question 3: Describe how threat intelligence and investigations outside the firewall can assist your team in incident response investigations. (07:56) Question 4: Ransomware occurs from an attacker’s ability to move laterally in an environment to meet the collection objectives. After the breach, how d...
2020-09-03
14 min
the CYBER5
The Evolution of Disinformation in the US and UK with Samantha North, PhD Candidate
Episode 21 of the podcast covers the role disinformation plays in the United Kingdom compared to the United States, and the rising threat of disinformation to the enterprise. (02:37) Question 1: Provide us some background on your research and academic work. (03:57) Question 2: How has this research helped you conduct your threat intelligence research? (08:39) Question 3: Can you give us some examples where disinformation has influenced the Brexit narrative, and are there more similarities or differences to the influences disinformation has played in the political narrative in the United States? (16:06) Question 4: Where do you see the future of disinformation going both on the po...
2020-08-27
26 min
the CYBER5
Legal Ramifications of Vulnerability Disclosure with Aaron Charfoos, Partner at Paul Hastings
Episode 20 of the podcast covers a discussion on business and legal implications around vulnerability disclosure. (01:23) Question 1: How would you advise clients/companies to react to security researchers with knowledge of a vulnerability when they contact the organization? Should companies treat this as incident response? (03:39) Question 2: What kind of business and legal issues do those disclosures pose? How should companies weigh out the risks? (06:17) Question 3: How should security researchers think about approaching companies with vulnerability disclosures? (10:40) Question 4: With regard to disclosure, what should organizations say and not say and to whom? Can those disclosures be coordinated with the white...
2020-08-20
19 min
the CYBER5
Third Party Risk Management in the View of Medium Size Businesses with Bill Varhol, Security Manager at Alix Partners
Episode 19 of the podcast covers third party risk management considerations for medium size businesses, including how to respond to larger enterprises who contact them about alleged vulnerability exposure. (01:40) Question 1: There are tens of thousands of companies that have robust but resource constrained security operations centers (between 10-20 personnel). What are some instances when you get called by SOCs of larger clients with vulnerabilities that are exposed? (03:40) Question 2: Are those vulnerabilities accurate? If not, why not? What are they missing? (07:48) Question 3: Understanding resources are limited with small and medium businesses, how should small to medium businesses be best prepared fo...
2020-08-13
21 min
the CYBER5
Using Threat Intelligence Throughout the Enterprise with Michael Rennie, Threat Intelligence Manager at LogMeIn
Episode 18 of the podcast covers methodologies to produce actionable outcomes from threat intelligence, and use cases where threat intelligence can be applied throughout the enterprise. (01:11) Question 1: With your threat intelligence program, what steps do you take to filter the firehose of noise and determine what has context and what is actionable? (03:32) Question 2: A lot of SOCs believe threat intelligence should be defined as “new information that tells a SOC what the security stack does not know about and/or cannot detect”. Do you agree or disagree and why? (04:16) Question 3: As security professionals, we have a tendency to find out...
2020-08-06
14 min
the CYBER5
Shared Responsibility of Security, Securing Your Platform with Kris Lahiri, Chief of Security at Egnyte
Episode 17 of the podcast covers different uses of threat intelligence to protect against platform abuse and application security. (00:45) Intro (01:09) Q1: File sharing companies have a heavy attack surface not only from cyber actors trying to infiltrate their network perimeter, but also using the platform itself to store illicit information they steal. How do you defend against all these threats and how do you prioritize? (09:55) Q2: As a medium size business, how do you prioritize threat intelligence that shows vulnerabilities against your tech stack? (14:37) Q3: There’s been a lot of talk about the shared responsibility model, particularly after the...
2020-07-30
29 min
the CYBER5
Managing Cyber Risk Through Data Flow Accountability and Corporate Governance with Michael Gold, Partner at Jeffer Mangels Butler & Mitchell
Episode 16 of the podcast covers actionable advice for companies around risk management especially third-party due diligence, privacy, network security, and vulnerabilities. (00:08) Intro (00:55) Question 1: What advice would you give to companies in how to think about cyber risk - whether through data management, compliance or processes themselves? Can and should this risk even be quantified? (05:15) Question 2: M&A issues around data mapping: How should companies think about integration issues when acquiring legacy data of a target company? For example, should companies ask for reps and warranties around that data? Can companies be advised to properly determine indemnification amounts? (12:02) Question 3: How...
2020-07-23
29 min
the CYBER5
Analysis of Betterment and Exclusions within Cyber Insurance Policies with Heather Wilkinson, Vice President at Willis Towers Watson
Episode 15 of the podcast covers how a cyber incident is defined by insurance carriers, how that is changing, and an in-depth analysis of betterments and exclusions often overlooked in cyber insurance policies. (00:48) Intro (01:13) Question 1: How do most cyber policies define a cyber incident? (03:54) Question 2: What do cyber policies cover once a cyber incident has occurred? (04:44) Question 3: With betterment language, what will cyber insurance pay for with regard to remediations? (12:30) Question 4: What are important exclusions to pay attention to and what can be done to have them included in your policy? (16:33) Question 5: What are some new themes and trends...
2020-07-16
21 min
the CYBER5
OSINT Provides Valuable Context Moving Data to Intelligence with Mike Eller, Director of Threat Investigations at Nisos
Episode 14 of the podcast covers techniques and tradecraft of open source intelligence and investigations, how these investigations can help businesses and executives avoid online crimes, and where automation plays a helping hand. (00:44) Intro (02:51) Question 1: What is the difference between a cyber threat intelligence analyst and an OSINT investigator? (04:22) Question 2: What are some general skillsets you need to be a good online investigator and what kinds of security problems do you solve? (09:50) Question 3: Many people don’t know where to start when they are being scammed, extorted, or hacked. What are the methodologies you’d like to spread to level t...
2020-07-09
24 min
the CYBER5
Gaining Actionable Insights to Global Physical Security Threats with Dan Williams, Global Head of Security Resilience and Partnerships at Uber
Episode 13 of the podcast covers the importance of building rapport with the workforce to gain actionable insights to global physical security threats. (01:09) Introduction (01:48) Question 1: The world of physical security controls has changed a lot in the last ten years with many threats emanating online. How do you use cyber threat and OSINT information to evaluate and reduce risk to physical threats? (03:03) Question 2: How important is the attribution of those threats in a digital environment? (04:22) Question 3: From an executive protection standpoint, how do you minimize risk to senior executives that emanate online particularly including home, travel, and workplace security? (06:40...
2020-07-02
14 min
the CYBER5
What Makes an Effective Insider Threat Program with Charles Finfrock, Insider Threat Program Manager at Tesla
Episode 12 of the podcast covers the importance of building rapport with the workforce to gain actual insights to insider threats. (00:48) Introduction (01:55) Question 1: What are the general backgrounds of insider threat personnel and why does that matter for how a program is developed and run? (02:59) Question 2: What are important policies to put into place that foster positive collaboration between the workforce and security? (04:10) Question 3: How do you foster a collaborative culture to have employees be the front lines of insider threat? (06:48) Question 4: What are the important monitoring mechanisms to put into place that alert on the appropriate behavior but d...
2020-06-25
13 min
the CYBER5
Challenges of Containerized and Cloud Environments with Alan Orlikoski, Detection and Response Engineering Team Lead at Square
Episode 11 of the podcast covers challenges and baselining of container and cloud security. (0:54) Introduction (01:29) Question 1: What are the right and left bounds when deciding to use a container environment as part of the infrastructure and how much of that is security minded? (03:03) Question 2: How do you approach a baseline level of security for your containerized environments? Is it mainly configuration or do you consider other aspects for hardening of your containerized environments? (06:30) Question 3: From your experience, which of the environments, if any, are more security forward than any other and why? Kubernetes? Docker? (12:06) Question 4: Does the way you de...
2020-06-18
22 min
the CYBER5
How Today's CISOs Think About the Future of Threat Intelligence with Dave Ruedger, CIO & CISO at RMS
Episode 10 of the podcast covers how modern CISOs think about the future of threat intelligence. (0:21) Introductions (1:55) Question 1: What kind of information do you see threat intel feeds providing, and which ones are most compelling to you? (4:35) Question 2: Is it unique to have information sharing with other portfolio companies? How does that work programmatically? (7:01) Question 3: What are the new, hot data sets you’re seeing? (9:35) Question 4: Are you aware of an increase in adversaries targeting containerized environments? (11:55) Question 5: Are you thinking about threat intelligence differently as it relates to cloud and containerized environments that support a dispersed workforce? (17:36) Closing Rem...
2020-06-11
18 min
the CYBER5
A Deep Dive on Deepfakes with Vice President of Threat Investigations Robert Volkert (Part 2)
This is a bonus episode of the podcast and the second of a two-part series covering a Nisos project with New York University (NYU) regarding the digital economy and misuse of deepfakes. (00:26) Introductions (01:33) Question 1 - What are the biggest challenges deepfakes present us with? How about 5 years from now? (04:08) Question 2 - Are there deep/dark web capabilities that people can hire to create these? How good are they? (10:31) Question 3 - Why are the majority of deepfakes focused on pornography and do you see this shifting over time? (16:48) Question 4 - Should the average person be worried about this? (17:57) Qu...
2020-06-05
21 min
the CYBER5
A Deep Dive on Deepfakes with Nisos Senior Software Engineer Dev Badlu (Part 1)
This is a bonus episode of the podcast in a two-part series covering a Nisos project with New York University (NYU) on the technical considerations for creating deepfakes as well as processes and procedures to detect them. (00:28) Introductions (01:06) Overview of Nisos Deepfake Project (02:21) Question 1 - What kind of research did you have to do to start making deepfake videos? (03:51) Question 2 - Are there a lot of open source libraries intended to make building deepfakes easier? (05:20) Question 3 - What was the most difficult part of the process for building a deepfake video? (06:15) Qu...
2020-06-05
10 min
the CYBER5
Importance of Actionable Threat Intelligence for the Business with Head of Global Information Security of AVX Corporation Zach Moody
Episode 9 of the podcast covers operationalizing threat intelligence to inform better business decisions. (0:19) Introductions (2:34) Question 1: When it comes to cyber threat intelligence, what information is most actionable? (5:05) Question 2: How do you filter to make sure it's relevant? (7:00) Question 3: For a use case, how do you filter for insider threats? (9:04) Question 4: How do you get buy-in for your program from business leaders? (11:20) Question 5: What types of business decisions does your cyber security program inform? (14:17) Recap & Takeaways
2020-05-28
16 min
the CYBER5
The Importance of Building Adversarial Context with CISO of Mars Andrew Stanley
Episode 8 of the podcast discusses why adversarial context is critical to leverage the proper resources of a security operations team. (00:25) Introductions (03:43) Question 1 – What types of threats are uninteresting to you? What types lead you to investigate outside of your firewall? (05:17) Question 2 – What are the questions you look to answer? (07:33) Question 3 – What answers do you look for outside of the network? (09:48) Question 4 – How have you built this into your decision-making? (11:47) Question 5 – What are the impacts that you’ve seen in employing this overall strategy? (14:08) RECAP & Takeaways
2020-05-21
16 min
the CYBER5
COVID Impacts on Insider Threat with Michael Rohrs of Control Risks Group
Episode 7 of the podcast covers insights into current trends in commercial sector Insider Risk, stemming from the remote workforce & COVID-19. Intro (00:22) Question 1 (01:05) – Does the current climate set us at increased exposure to Insider Risk? What elements of the Pandemic have led to that? Question 2 (02:41) – How much of this has to do with the increased/imposed remote aspect of the workforce? And does this change in the status quo have any other impacts? Question 3 (07:23) – For companies with an existing insider risk program, what are changes that they should consider making with the changes in work-dynamic? Question 4 (09:25) – If I’m a company that doesn’...
2020-05-15
16 min
the CYBER5
A Red-teamer's Take on Threat Intelligence with Tyler Robinson of Nisos, Inc.
Episode 6 of the podcast covers insights into the impacts of threat intelligence from the perspective of the ultimate red-teamer, Tyler Robinson of Nisos, Inc. Intro (00:27) Question 1 (01:29) – As a red-teamer, when you’re doing your job, do you feel threatened by threat feeds, or things like the MITRE ATT&CK framework? Question 2 (03:37) – So you’re a sophisticated adversary – do you actually take these things into account in preparing your attack? I.e., pulling in threat feeds, and matching your approach against frameworks that the target may use. Question 3 (07:00) – So you’ve done a lot of this over the years, what keeps you up a...
2020-05-08
17 min
the CYBER5
Understanding the Insider Threat with Gabe Ramsey, Partner @ Crowell & Moring
Episode 5 of the podcast focuses on understanding the nuances around insider threat scenarios and features Gabe Ramsey, Partner @ Crowell & Moring. Intro (00:18) Question 1 (00:56) – Thinking about the team that comes together in an insider threat investigation, what does that look like? Both internal and 3rd parties. Question 2 (01:50) - Are there any common trends that you see with companies that are successful in investigating and, from your angle, bringing litigation against an insider threat? Question 3 (02:39) - Insider threat, it's a very multi-dimensional problem, but all of the effort leads to some kind of legal action or outcome. From your perspective, wha...
2020-04-23
13 min
the CYBER5
Understanding your Environment with Anthony Johnson of Delve Risk
Episode 4 of the podcast focuses on the CISO's perspective on the importance of understanding the corporate network environment and features Anthony Johnson, Managing Partner of Delve Risk. Outline: (00:22) Introductions (01:07) Question 1 – As a CISO, if I don’t have clear or accurate insight into the state of my assets and infrastructure, what immediate risks am I incurring? (02:23) Question 2 – You’ve started a role as a CISO at a new company - how do you test the information you're presented with around the network, the current state of the security team and tech stack, and when do you trust it? (03:2...
2020-04-17
13 min
the CYBER5
Disinformation in the time of Pandemics with Cindy Otis (Nisos Inc.)
Episode 3 of the podcast focuses on illuminating disinformation and misinformation activity surrounding the COVID-19 Pandemic and features Cindy Otis, Managing Director at Nisos, Inc. Outline: (00:00) Intro (01:43) Question 1 - The pandemic is obviously something that’s touching every person’s life at this point. Due to the overall disruption, do you think people are more susceptible to disinformation surrounding it? (03:48) Question 2 – What types of disinformation have you been seeing pushed out? (05:35) Question 3 - Who are the actors behind it? What are they trying to accomplish with it? (08:54) Question 4 – If I’m an employer, what can I do to help pr...
2020-04-02
17 min
the CYBER5
Inside Purple Teaming with Gerry Beuchelt (CISO @ LogMeIn)
Episode 2 of the podcast focuses on Purple Teaming and features Gerry Beuchelt, CISO, and Patrick Mathieu, Offensive Security Coordinator from LogMeIn. Outline: (00:28) Introductions (03:34) Question 1 - What led you to start using them at LogMeIn? (08:23) Question 2 - Where’s the value in using both Red and Purple Teaming? (11:47) Question 3 - What improvements have you seen from using purple teams? (15:06) Question 4 - What aspects of workshopping do you find most valuable and why? (17:34) Question 5 – How do you measure the success of a purple team? (21:50) RECAP
2020-03-26
23 min
the CYBER5
Cyber M&A Diligence
This is the first of many episodes for the Nisos podcast, and our topic is Cyber M&A Diligence, and the conversation features Randy Sabett, Special Counsel at Cooley, LLP. Key elements of the podcast: (00:28) Intro with Randy Sabett, Special Counsel at Cooley LLP (01:38) Question 1 – (need to mention minimizing liability) What do you look to accomplish when it comes to cyber diligence surrounding a merger or acquisition? (04:12) Question 2 – What is the bare minimum diligence companies should pursue? (07:38) Question 3 – What are the tangible outcomes from the type of diligence we’re talking about here? (10:22) Question 4 – Are there considerations that a company sh...
2020-03-10
17 min