
Avoiding overload and managing stress in cybersecurityFor today’s episode, Robby’s joined by Lisa Ventura, Cybersecurity Specialist, Author, and qualified Mental Health First Aider. After many years of experience from the industry, she’s become particularly interested in the human aspects of cybersecurity, especially when it comes to mental health issues, stress, and burnouts.During their conversation, Lisa explains how common stress and burnouts are in InfoSec and cybersecurity, and discuss how the pandemic impacted these numbers. As well as what the main factors contributing to stress and burnout in our industry is, and how these symptoms manifest themselves.She also shares some advice on how to combat overload and stress both on an individual and organisational level.If you’d like to also see Lisa’s presentation, feel free to visit our YouTube channel to watch the full recording of the episode.
Jul 3, 2023
47 min

Asset IntelligenceImagine a scenario where your organisation discovers that a threat actor currently possesses more knowledge about your environments than you do. Let’s find a way to make sure we don’t end up there - but how?For this episode, Robby is joined by a serial entrepreneur and serial guest at the mnemonic security podcast. For the fourth time, we’re welcoming Brian Contos. Today, to discuss his latest role as Chief Strategy Officer at Sevco, a company specialising in asset intelligence.Brian talks about the importance of having an accurate and comprehensive understanding of your assets' security and compliance status, especially in the governance, risk, and compliance (GRC) landscape. As well as how asset intelligence is gaining renewed attention in the industry.
Jun 26, 2023
21 min

Operationalising Threat IntelligenceWhat can you do to get the most out of your threat intelligence initiatives?A good place to start, is picking Kyle Wilhoit’s brain. Kyle’s the Director of Threat Research at Palo Alto Network's Unit 42, and author of the book Operationalizing Threat Intelligence: A guide to developing and operationalizing cyber threat intelligence programs.During his chat with Robby, he provides some advice on how organisations should be handling their threat intelligence, what you can leverage from your vendors and partners, and what you need to do yourself to achieve full value from your threat intelligence.He also shares the major trends that Unit 42 are seeing when it comes to hacking tools, attack frameworks, campaigns, malware, and ransomware.
Jun 12, 2023
46 min

Crypto FinanceHow does a crypto finance agency work with security?To answer this question, and provide insight into security in the world of crypto, we’re joined by Dr. Dominik Raub. He has more than 10 years of experience from the financial industry, a Doctor of Sciences in Cryptography, and works as CISO at Crypto Finance AG, an organisation providing crypto and blockchain services to institutional clients.Dominik talks about the threat landscape they are in, the adversaries in the space, and what he’s learned about their TTPs. As well as the mechanisms his organisation uses to help them distinguish bad transactions and stop large-scale issues.Robby and Dominik also discuss the recent developments in the crypto finance market, and Dominik shares what he predicts will happen in the market in the years to come.
May 22, 2023
40 min

Office IoT Can you say for certain that you have a full overview of the IoT devices that are set up in your office environment? Smart Lighting, thermostats, locks, appliances, security cameras, sensors... perhaps even a fish tank? To talk about the importance of securing our office IoT, and specifically our printers, Robby is joined by Quentyn Taylor, Senior Director – Information Security and Global Response at Canon.During their conversation, Quentyn shares from his vast experience working with both IT and information security, and the security evolution he’s observed in office IoT throughout his career.He also shares his expert advice on how to secure these products, the main security challenges associated with them, and how zero trust affects this conversation.
May 8, 2023
29 min

Passwords and their managersHow do you create your passwords? Do you get help from a password manager, or is your personal “system” bulletproof?Robby has invited two guests passionate about passwords, and how we manage them. Not surprisingly, they can with confidence say that our own “systems” are highly guessable, and not as unique as you might think.Our experts this episode, Cecilie Wian from the Norwegian consultancy Bouvet, and Per Thorsheim CISO and password & digital authentication researcher, share why are they so fascinated with passwords. They also discuss under what circumstances password managers work best, and how to convince your staff to actually use them. As well as what they see for the future of passwords.Interested in this topic? Feel free to check out this conference! https://passwordscon.org/
Apr 17, 2023
34 min

DarkwebsMost of us have our ideas and perceptions of what the Dark Web is. But could it be more than just the dark side of the World Wide Web? To talk about the Dark Web, Robby is joined by Keven Hendricks, Dark Web Subject Matter Expert at The Ubivis Project. Keven has worked in law enforcement in the US since 2007, in areas such as computer and mobile device forensics, and Dark Web investigations. In 2021, Hendricks founded The Ubivis Project – StopDarkwebDrugs.com as a medium for both law enforcement and civilians to report Dark Web vendors and overdoses. Holding more experience than most within this area, he now works to break the stigmas out there about what the Dark Web is, what you can find on the Dark Web, and particularity what you can do as an investigator or researcher involving the Dark Web. He also teaches this to law enforcement and other public sector entities including the Department of Defense.Keven and Robby dive into the misconceptions around the Dark Web, what Keven’s learned about Dark Web investigations, how accessible the different Darknets have become, as well as why the Dark Web has become important for privacy and free speech in some countries.
Apr 3, 2023
44 min

The importance of identity within our field has been established. According to analysis from CrowdStrike, 8/10 attacks are identity-based. But what does that actually mean? How do we even define identity these days, and how has it changed?To look into this, Robby has invited an expert within the field, Peter Barta. Peter works as a Senior Cloud Security Engineer at Rothesay, the UK's largest specialist pensions insurer, securing pensions for over 810 000 people, and has previously worked in Norges Bank Investment Management (NBIM) which manages the Norwegian Government Pension Fund Global.During their conversation, Peter takes us both to the far side of Security Engineering, as well as goes though some of the more standard best practice most organisations should have on their radar.They talk about how you can design and create something that is user-friendly enough for everyone in an organisation, also the users not interested in identity or security. As well as the developer side of secret management, dynamic sessions, zero trust, and what he thinks security engineers should focus more on.
Mar 20, 2023
39 min

Bots; they can be both helpful assistants and harmful pests, and you’ll find them all over the internet targeting most public facing applications in some way or another. But what actually are they?To explore the bad bots on the Internet, Robby is joined by someone that has spent the last seven years studying them, Dan Woods, Global Head of Intelligence, F5.They talk about why Dan became fascinated by bots, real-life examples of how bots are being used, and what separates the sophisticated bots from the rest.They also discuss if we are underestimating the sophistication and the motivation of the organisations behind these automations, how botnets and human click farms work, and whether Elon Musk will be able to solve his bot problem on Twitter.
Mar 6, 2023
38 min

House of Pain: new EU cyber regulationsNIS2, DORA, the Cyber Resilience and Artificial Intelligence acts; have you started to familiarise yourself with the new EU cyber regulations that are coming into force?In this episode, Robby welcomes Rolf von Roessing, former Vice Chair of ISACA Global, and CEO of FORFA Consulting, a German company specialising in senior level consultancy and advisory work.During their conversation, Rolf provides an introduction to a few new and upcoming EU regulations many are now starting the familiarise themselves with; the Network and Information Security Directive, version 2 (NIS2), the EU Cyber Resilience Act, the Artificial Intelligence Act and the Digital Operational Resilience Act (DORA).Rolf walks us through these upcoming regulations, and provides an overview of the main differences between them, who the regulations are for and who they will affect.Feel free to check out the video version of the podcast on ISACA Norway's channel - https://www.youtube.com/@isacanorwaychapter
Feb 28, 2023
42 min
Load more
