Shows
Talking Cloud with an emphasis on Cloud Security74-Talking Cloud Podcast-with Steve Winterfeld, Advisory & Fractional CISO, Cyber Vigilance Advice (CVA) LLCEpisode #74 features a great discussion with Steve Winterfeld, Advisor, and Fractional CISO with Cyber Vigilance Advice (CVA) LLC. Steve is passionate about cybersecurity. He served as CISO for Nordstrom Bank, Director of Cybersecurity for Nordstrom, and Director of Incident Response and Threat Intelligence at Charles Schwab. Steve also published a book on Cyber Warfare and holds CISSP, ITIL, and PMP certifications. We discussed a variety of topics, and during our conversation, Steve offered these resources:
On finding job: Lessons Learned on Finding a Cybersecurity Job After a Layoff - Security Boulevard
On starting / managing a career...2025-04-1446 min
Phishing For AnswersSecuring AI and Minds: Steve Winterfeld on Cyber Threats, Behavioral Science, and Building Robust Security CulturesSend us a textOur conversation with Steve Winterfeld unveils critical insights for anyone looking to forge a successful career in cybersecurity. We discuss the importance of strategic planning, building a security culture, and adapting to the rapid evolution of threats, especially phishing and social engineering attacks.• Exploring three career paths in cybersecurity • The importance of strategic career objectives • Carrot versus stick: fostering an inclusive security culture • Evolving threats: phishing beyond email • The role of AI in enhancing and challenging security • Understanding cognitive biases in decision-making • Effective metrics for measuring security a...2025-02-0550 min
CISO Perspectives (public)SolarWinds and the SEC. [CSOP]Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, presents the argument for why the SEC was misguided when it charged the SolarWinds CISO, Tim Brown, with fraud the after the Russian SVR compromised the SolarWinds flagship product, Orion. Our guests are, Steve Winterfeld, Akamai’s Advisory CISO, and Ted Wagner, SAP National Security Services CISO.References:Andrew Goldstein, Josef Ansorge, Matt Nguyen, Robert Deniston, 2024. Fatal Flaws in SEC’s Amended Complaint Against SolarWinds [Analysis]. Crime & Corruption.Anna-Louise Jackson, 2023. Earnings Reports: What Do Quarterly Earnings Tell You? [Explaine...2024-06-0321 min
CyberWire DailySolarWinds and the SEC.Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, presents the argument for why the SEC was misguided when it charged the SolarWinds CISO, Tim Brown, with fraud the after the Russian SVR compromised the SolarWinds flagship product, Orion. Our guests are, Steve Winterfeld, Akamai’s Advisory CISO, and Ted Wagner, SAP National Security Services CISO.References:Andrew Goldstein, Josef Ansorge, Matt Nguyen, Robert Deniston, 2024. Fatal Flaws in SEC’s Amended Complaint Against SolarWinds [Analysis]. Crime & Corruption. Anna-Louise Jackson, 2023. Earnings Reports: What Do Quarterly Earnings Tell You? [Explaine...2024-06-0321 minCISO Perspectives (public)Bonus: Examining the current state of security orchestration. [CyberWire-X]In this bonus episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together. Learn more about your...2024-01-1532 minCyberWire DailyEncore: Examining the current state of security orchestration. [CyberWire-X]In this encore episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together.2024-01-1532 min
Security Clearance Careers PodcastHow Segmentation Can Protect Your Organization's Network SecurityToday we’re joined by Steve Winterfeld who is the advisory CISO at Akamai Technologies, a cloud computing company. Steve helps Akamai CISO’s solve their most pressing issues and provide insights on security capability roadmaps. In addition to providing thought leadership as the cybersecurity industry transitions to DevOps and combats online attacks, Akamai produced a report: The State of Segmentation 2023.Overcoming deployment obstacles proves to be transformational, and the white paper examines how different companies of varying sizes approach segmentation as part of their overall security strategy.Today we discuss the takeaways.2023-12-1822 minCyberWire DailyThreat actors with mixed motives: from the political to the financial.OpenAI's continuing turmoil. Crypto firm sustains API attack. Konni campaign phishes with a Russian document as bait. LockBit's third-party compromise of Canadian government personnel data. Ukraine removes senior security officials under suspicion of graft. Dave Bittner sits down with Steve Winterfeld from Akamai to discuss emerging threats in the financial services sector. And Idaho National Laboratory sustains data breach.For links to all of today's stories check out our CyberWire daily news briefing:https://thecyberwire.com/newsletters/daily-briefing/12/222Selected reading.Company that created ChatGPT is...2023-11-2122 minCyberWire DailyExamining the current state of security orchestration. [CyberWire-X]In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together. Learn more about your ad c...2023-11-1632 min
Security Weekly Podcast Network (Audio)2023 AT&T Cybersecurity Insights Report: Edge Ecosystem - Theresa Lanowitz, Steve Winterfeld - BSW #320Organizations still struggle with DDoS, ransomware, and personal information exfiltration. In order the prevent these attacks, we first need to understand the ‘types’ of DDoS and emerging threat techniques used by the adversary. In this interview, we explore these attacks in the context of edge computing. As edge computing use cases evolve, organizations need to understand the intersection of edge computing, networking, and cybersecurity. We discuss the risks associated with edge computing, the controls that can mitigate these risks, and how to plan for implementation, including security budgeting. Segment Resources: https://www.akamai.com/blog/security/defeating-triple-extortion-ransomware 2023-09-1858 min
Business Security Weekly (Audio)2023 AT&T Cybersecurity Insights Report: Edge Ecosystem - Theresa Lanowitz, Steve Winterfeld - BSW #320Organizations still struggle with DDoS, ransomware, and personal information exfiltration. In order the prevent these attacks, we first need to understand the ‘types’ of DDoS and emerging threat techniques used by the adversary. In this interview, we explore these attacks in the context of edge computing. As edge computing use cases evolve, organizations need to understand the intersection of edge computing, networking, and cybersecurity. We discuss the risks associated with edge computing, the controls that can mitigate these risks, and how to plan for implementation, including security budgeting. Segment Resources: https://www.akamai.com/blog/security/defeating-triple-extortion-ransomware 2023-09-1858 min
Business Security Weekly (Video)2023 AT&T Cybersecurity Insights Report: Edge Ecosystem - Theresa Lanowitz, Steve Winterfeld - BSW #320Organizations still struggle with DDoS, ransomware, and personal information exfiltration. In order the prevent these attacks, we first need to understand the ‘types’ of DDoS and emerging threat techniques used by the adversary. In this interview, we explore these attacks in the context of edge computing. As edge computing use cases evolve, organizations need to understand the intersection of edge computing, networking, and cybersecurity. We discuss the risks associated with edge computing, the controls that can mitigate these risks, and how to plan for implementation, including security budgeting. Segment Resources: https://www.akamai.com/blog/security/defeating-triple-extortion-ransomware 2023-09-1832 minCISO Perspectives (public)Best practices for MITRE ATT&CK(R) mapping.Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, discusses the latest developments in mapping the MITRE ATT&CK(R) wiki to your deployed security stack with guests James Stanley, section chief at the U.S. Cybersecurity and Infrastructure Security Agency, John Wunder, Department Manager for Cyber Threat Intelligence and Adversary Emulation at MITRE, and Steve Winterfeld, Akamai’s Advisory CISO.Howard, R., Olson, R., 2020. Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks [Journal Article]. The Cyber Defense Review. URL https://cyberdefensereview.army.mil/CDR-Content/Articles/Article-View/Article/2420129/implem...2023-08-2617 minCISO Perspectives (public)Distributed Denial of Service prevention: Current state.Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Distributed Denial of Service (DDOS) prevention with CyberWire Hash Table guests Steve Winterfeld, Akamai’s Field CSO, and Jim Gilbert, Akamai’s Director Product Management, and Rick Doten, the CISO for Healthcare Enterprises and Centene.Howard, R., 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Wiley. URL: https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/1394173083. Azure Network Security Team, 2023. 2022 in review: DDoS attack trends and insights [Website]. Microsoft Security Blog. URL https://www.microsoft.com/en-us/security/blog/2...2023-08-1417 min
This Week in Enterprise Tech (Audio)How Akamai Are You About DDoS? - Hospitals violate HIPAA because of Meta Ad-tracking, the evolution of DDoS
Health info for 1 million patients stolen using critical GoAnywhere vulnerability
ESXi Ransomware Update Outfoxes CISA Recovery Script
Comcast gave false map data to FCC—and didn't admit it until Ars got involved
Atlassian and Envoy briefly blame each other for the data breach
Hospitals Sued for Using Meta's Ad-Tracking Code, Violating HIPAA
Steve Winterfeld, Advisory CISO of Akamai talks about the continued evolution of DDoS.
Hosts: Louis Maresca, Brian Chee, and Curtis Franklin
Guest: Steve Winterfeld
Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech.
Get episodes ad-free with Club TW...2023-02-181h 07This Week in Enterprise Tech (Video)How Akamai Are You About DDoS? - Hospitals violate HIPAA because of Meta Ad-tracking, the evolution of DDoS
Health info for 1 million patients stolen using critical GoAnywhere vulnerability
ESXi Ransomware Update Outfoxes CISA Recovery Script
Comcast gave false map data to FCC—and didn't admit it until Ars got involved
Atlassian and Envoy briefly blame each other for the data breach
Hospitals Sued for Using Meta's Ad-Tracking Code, Violating HIPAA
Steve Winterfeld, Advisory CISO of Akamai talks about the continued evolution of DDoS.
Hosts: Louis Maresca, Brian Chee, and Curtis Franklin
Guest: Steve Winterfeld
Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech.
Get episodes ad-free with Club TW...2023-02-181h 07CyberWire DailyThe power of web data in cybersecurity. [CyberWire-X]The public web data domain is a fancy way to say that there is a lot of information sitting on websites around the world that is freely available to anybody who has the initiative to collect it and use it for some purpose. When you do that collection, intelligence groups typically refer to it as open source intelligence, or OSINT. Intelligence groups have been conducting OSINT operations for over a century if you consider books and newspapers to be one source of this kind of information. In the modern day, hackers conduct OSINT operations in order to recon their p...2023-01-2228 minCyberWire DailySoftware supply chain management: Lessons learned from SolarWinds. [CyberWire-X]Between the emergence of sophisticated nation-state actors, the rise of ransomware-as-a-service, the increasing attack surface remote work presents, and much more, organizations today contend with more complex risk than ever. A “Secure-by-Design” approach can secure software environments, development processes and products. That approach includes increasing training for employees, adopting zero trust, leveraging Red Teams, and creating a unique triple-build software development process. SolarWinds calls its version of this process the "Next-Generation Build System," and offers it as a model for secure software development that will make supply chain attacks more difficult.On this episode of CyberWire-X, host Rick...2023-01-0343 min
infosecliveThe CISO Experience - Steve Winterfeld🚀 Looking to further your career in cyber security? Confused by all the options....?
This “The CISO Experience” SPECIAL sponsored by Bramfitt Technology Labs is a MUST NOT MISS!
🚀 Simon L hosts Steve Winterfeld in the studio for a session called:
Lessons from my cyber journey Steve Winterfeld is Akamai Technologies’s Advisory CISO.
Before joining the team, he served as CISO for Nordstrom Bank, Managing Director of IR and TI at Charles Schwab and Senior Technical Director Cybersecurity & Group CTO at Northrop Grumman.
Steve focuses on collaborating with Akamai’s customers to make s...2022-11-1555 minCISO Perspectives (public)Pt 2 – Students of the game: What are the Hash Table’s go-to information sources for 2022?Rick Howard, the CyberWire’s CSO and Chief Analyst, chats with Steve Winterfeld, the Akamai Advisory CISO, and Errol Weiss, the Health-ISAC CSO, about recommended sources of infosec content that they found valuable in 2021.Links to content mentioned in the show:Documentaries“Kill Chain: The Cyber War on America’s Elections,” by Harri Hursti, Published by HBO, 26 March 2020. “The Perfect Weapon.” by David Sanger, Published by HBO, 16 October 2020.Podcasts“Darknet Diaries – True Stories from the Dark Side of the Internet,” by Darknetdiaries.com, 25 January 2022.“The Lazarus Heist,” BBC...2022-11-0736 minCISO Perspectives (public)Pt 2 – Mitre ATT&CK: from the Rick the Toolman Series.In this “Rick the Toolman” episode, Rick interviews Steve Winterfeld, from Akamai, on the current state and future of the Mitre ATT&CK Framework.For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Learn more about your ad choices. Visit megaphone.fm/adchoices2022-10-1724 minCyberWire DailyThe great overcorrection: shifting left probably left you vulnerable. Here’s how you can make it right. [CyberWire-X]Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, talks with two Hash Table members, Centene’s VP and CISO for Healthcare Enterprises, Rick Doten, and Akamai’s Adviso...2022-07-2426 minCISO Perspectives (public)Security in different verticals: Energy.Rick Howard, the Cyberwire’s CSO and Chief Analyst, is joined by Hash Table members Helen Patton, Duo Security at Cisco Advisory CISO, Steve Winterfeld, Akamai Advisory CISO, and Marc Sachs, Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security's Deputy Director for Research, to discuss cybersecurity strategies and tactics in the energy sector. Learn more about your ad choices. Visit megaphone.fm/adchoices2022-05-2326 minCISO Perspectives (public)Security in different verticals: Finance.Rick Howard, the Cyberwire’s CSO and Chief Analyst, is joined by Hash Table members Gary McAlum, USAA’s former CSO, Jerry Archer, Sallie Mae’s CSO, and Steve Winterfeld, Akamai’s Advisory CISO, to discuss cybersecurity strategies in finance and antifraud. Learn more about your ad choices. Visit megaphone.fm/adchoices2022-05-0924 minCyberWire DailyCSO Perspectives: Pt 2 – Mitre ATT&CK: from the Rick the Toolman Series.In this “Rick the Toolman” episode, Rick interviews Steve Winterfeld, from Akamai, on the current state and future of the Mitre ATT&CK Framework.
For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.2021-12-2723 minCISO Perspectives (public)SD-WAN: around the Hash Table.Two members of the CyberWire’s hash table of experts:
Steve Winterfeld: Akamai’s Advisory CISO
Paul Calatayud: Palo Alto Networks’ Chief Security Officer for the Americas
discuss SD-WAN architecture and security.Resources:
“A History of SD-WAN,” by CATO.
“Broadband history,” by Dani Warner, USwitch, 19 July 2018.
“SD-WAN: What’s the big deal for security leadership?” by Rick Howard, CSO Perspectives, The CyberWire, 10 October 2020.
“The 6 Biggest SASE Buys of 2020 (So Far)” by Tobias Mann, SDxCentral, 26 August 2020.
“The Secret to SASE is the Right SD-WAN,” by Network World from IDG, 2020.
“What is MPLS: What you need to know about multi-protocol l...2021-12-2732 min
Adam Learns Random StuffEpisode 11: How to Fail Faster With Steve WinterfeldSteve Winterfeld is a Cybersecurity Expert, both in operations and in building compliance programs. Today we are discussing the growth mindset and how to fail faster. 2021-11-1530 minCyberWire DailyCloud configuration security: Breaking the endless cycle. [CyberWire-X]Moving to the cloud creates a tremendous opportunity to get security right and reduce the risk of data breach. But most cloud security initiatives get underway after services are deployed in the cloud. It’s frustrating when major breaches resulting from basic mistakes, like S3 buckets left unsecured or secrets exposed. Continually checking for risky configurations and unusual behavior in cloud logs is a requirement, but there is an opportunity to be proactive. What if you could configure your security and access controls as you set up cloud infrastructure? The CyberWire's Rick Howard speaks with Hash Table members Kevin Ford of...2021-10-0333 minCISO Perspectives (public)Incident response: around the Hash Table.Four members of the CyberWire’s hash table of experts: Jerry Archer - Sallie Mae CSO Ted Wagner - SAP National Security Services CISO Steve Winterfeld - Akamai Advisory CISO Rick Doten - Centene CISO discuss the things they worry about when it comes to incident response. Learn more about your ad choices. Visit megaphone.fm/adchoices2021-09-2729 minCyberWire DailyIs enhanced hardware security the answer to ransomware? [CyberWire-X]With the recent onslaught of ransomware attacks across healthcare institutions, critical infrastructure, and the public sector, it's clear that ransomware isn’t going anywhere. But given how common ransomware attacks have become, how is it that we've been unable to put a stop to them? Companies often overlook the role that hardware security plays in meeting this challenge, and that oversight has become a bad actor's dream. Michael Nordquist speaks about the recent surge in ransomware attacks, and how strong hardware security, combined with software security and personnel security awareness, can be the answer to the industry’s prayers.
In this episode of Cybe...2021-07-2531 minCyberWire DailyChanneling the data avalanche. [CyberWire-X]Proliferation of data continues to outstrip our ability to manage and secure data. The gap is growing and alarming,especially given the explosion of non-traditional smart devices generating, storing, and sharing information. As edge computing grows, more devices are generating and transmitting data than there are human beings walking the planet.
High-speed generation of data is here to stay. Are we equipped as people, as organizations, and as a global community to handle all this information? Current evidence suggests not. The International Data Corporation (IDC) predicted in its study, Data Age 2025, that enterprises will need to rely on machine learning, a...2021-04-2535 min
Your Cyber Path: How to Get Your Dream Cybersecurity JobEP 37: Security Operations OverviewSome of the best "entry level" cybersecurity jobs are found in the Security Operations department. In this episode, Kip and Wes will give you a tour with the help of our guest, Steve Winterfeld.
NEW: You can see us (and the slides) on YouTube: https://www.youtube.com/YourCyberPath
Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: https://www.YourCyberPath.com/pdf
---
Send in a voice message: https://anchor.fm/yourcyberpath/message2021-02-051h 16
Colorado = Security Podcast169 - 6/22 - James Carder, Steve Winterfeld & Alex Wood roundtableWe’ve got a roundtable discussion with James Carder (CSO at LogRhythm), Steve Winterfeld (Advisory CISO at Akamai) and Alex Wood as our feature interview this week. News from: Boulder AI, Techtonic, Uncharted, PAIRIN, Guild Education, Automox, VirtualArmour, Ping Identity, LogRhythm, Swimlane, Red Canary, and a lot more!
Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends.
Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If...2020-06-211h 15
Colorado = Security Podcast163 - 5/4 - Erik Huffman, Entrepreneur, Researcher & CyberpsychologistErik Huffman, Entrepreneur, Researcher & Cyberpsychologist is our feature guest this week. News from: Strava, VF Corp, Arrow Electronics, DaVita, Zayo, Anschutz Corp, Liberty Global, Ball Corp, Vail Resorts, Boston Market, National Cybersecurity Center, Manetu, ThreatX, DarkOwl, Swimlane and a lot more!
Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends.
Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, o...2020-05-031h 06
Colorado = Security Podcast130 - 8/26 - Steve Winterfeld, Security Strategy at AkamaiSteve Winterfeld, Senior Director of Security Strategy at Akamai is our feature interview this week. News from John Hickenlooper, Amazon, Google, Personal Capital, SecureSet, Ping Identity, Coalfire, Webroot, Red Canary and a lot more!
Hick throws his hat in the Senate race
Hick is in the Senate race. Space Command will be in Colorado. The Colorado housing market is cooling. Google bringing non-profit money to Colorado. Personal Capital is expanding in Denver. Flatiron School acquires SecureSet. Ping Identity named a leader in the latest Gartner Magic Quadrant. Blogs from Coalfire, Webroot and Red Canary.
Support us on Patreon! Fun swag a...2019-08-2551 min