
The cybersecurity employment market is in a unique situation - teams are often underfunded and overtaxed, while layoffs at big tech and other security-reliant critical firms have left insecurity in the industry - as regulatory requirements and evolving threats require ever more attention to the topic. Meanwhile, academic institutions are continuously challenged to improve their approaches to developing the next generation of talent. Cyber- and information security are broad topics, and benefit from a wide range of knowledge, experiences, and areas of study - not just hard core hands-on tech skills. This raises questions about how aspiring cybersecurity experts should direct their studies, and how academic leaders and institutions can support them in this journey. Today we welcome Dr. Gergely "Greg" Dzsinich, CyAN board member and professor at Emlyon business school in Lyon, France, and Florian Muntner, a masters degree candidate embarking on a cybersecurity career later this year who is supporting a privacy project led by Prof. Dzsinich. Join us as we talk about a wide range of considerations when aiming for a cybersecurity career via various academic disciplines, as well as the unique project approach of the Emlyon team to create continuity among successive "generations" of students aiming for careers in the cybersecurity field. You can find Dr. Dzsinich on LinkedIn here - https://www.linkedin.com/in/gdzsinich/ ...and Florian Muntner here: https://www.linkedin.com/in/florian-muntner/ This episode of Secure-in-Mind is also available in video form at https://youtu.be/yQWF1DNubbU Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Jul 13, 2023
52 min

Many of us have fallen victims to scams. Most of us know someone else who has. Fraud did not start with the Internet, but it has unfortunately become an integral part of the online experience. Jorij Abraham is Managing Director of the Global Anti-Scam Alliance (GASA), a non-profit organization based in Amsterdam and a partner to CyAN. In today's Secure-in-Mind episode, we talk about GASA's mission fighting scams of all sorts. What is a scam? What types of scams are most common around the world, who are the victims, and who are the major perpetrators? Jorij shares his experience in helping to fight abuse, whether it involves fake work visa promises, business email compromise, as well as subscription, romance, crypto, and many other scams that defraud innocent victims of their money. How are we working with law enforcement? What are tech companies doing to fight scams? And, as always, we ask Jorij his views on what the future will bring. CyAN strongly endorses GASA's mission; visit them at https://gasa.org, as well as their https://scamadviser.com service where you can check whether something is a known scam. Consider also register for GASA's annual summit in Lisbon, Portugal, on Oct 18-19 2023 - https://www.gasa.org/event-details/4th-global-anti-scam-summit-2023 You can find Jorij on LinkedIn at https://www.linkedin.com/in/jorijabraham/ The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network - This episode is available as a video at https://youtu.be/XidPnG6SmaY All our various media channels are here: https://cybersecurityadvisors.network/media Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Jul 2, 2023
50 min

Let's face it: your company will be breached. This is just a reality in today's business world. The first step is to accept this, and to understand why it happens. The next step is to take steps to minimize the damage from a security incident when it inevitably occurs. In today's episode of the Secure-in-Mind series of conversations about security topics, CyAN explores the topic of surviving a cyber incident - from both a human and an organizational level. How do you prepare for something you've never experienced before? What can you do to mitigate the damage when it happens? Will your business survive? And who do you turn to when things go wrong? Geoff Leeming is founder and consultant with Pragma, a Singapore-based cybersecurity firm providing preventative and response services to businesses around the world. You can find him on LinkedIn here: https://www.linkedin.com/in/geoffleeming Visit Pragma at https://pragma.ltd/ Check out the video version of this chat at https://youtu.be/9tCLFkuqJ1E - and don't forget to watch the rest of CyAN's great videos at https://youtube.com/@cybersecadvisors CyAN is at https://cybersecurityadvisors.network Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Jun 19, 2023
49 min

In today's episode of the Secure-in-Mind series, I'm joined by Anthony Hess, CEO of co-founder of cyber crisis management and response firm Asceris. Anthony has a wealth of experience working with insurance firms, especially in the field of cybersecurity and cyber risk insurance, and combines a strong technologist's background with a wealth of knowledge around insurance logic, policy types, underwriting methodologies, and more. Cyber risk insurance has been a growing topic over the past decade, and in our conversation today, we seek to address several misconceptions about this type of service, while giving you a basic understanding of what you need to know when considering such a service. For example, we talk about - what types of policies are there? - what's all the hubbub around Lloyds of London's much-discussed "cyber acts of war" exception? - what's the relationship between insurance and regulatory risk management requirements? - what types of services to insurance firms offer to their customers? ...and many more. Visit him on LinkedIn at https://www.linkedin.com/in/anthonyhess/ You can find Asceris at https://www.asceris.com/ Don't forget to check out the Cybersecurity Advisors Network at https://cybersecurityadvisors.network and on LinkedIn at https://www.linkedin.com/company/cybersecurityadvisors/ Our YouTube channel is at https://youtube.com/@cybersecadvisors Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Jun 19, 2023
1 hr 4 min

In the latest episode of the Good Faith Cybersecurity Researches' Coalition dialogues, we speak with Mischa Hansel, head of the research focus on international cybersecurity at the IFSH - the University of Hamburg institute for peace research and security. In our conversation, we cover topics such as - stockpiling and weaponizing of cyber vulnerabilities by state actors - vulnerability reporting requirements to national authorities - handling of cyber vulnerabilities by authoritarian governments - the impact of free discourse around vulnerabilities on liberal democracy - vulnerability-as-a-service providers - the role of academia and free research in the uncovering of cyber vulnerabilities A few links Mischa provided that are relevant to this conversation, and to IFSH's work: - International Cybersecurity Made in Hamburg: https://international-cybersecurity.com/ - A paper published in Just Security around strengthening cybersecurity researchers https://www.justsecurity.org/81293/empowering-security-researchers-will-improve-global-cybersecurity/ - the IFSH newsletter (Jan's Cyber Hotchpotch) " offering an entertaining weekly summary of what is going on in cybersecurity" - subscribe via https://ifsh.us6.list-manage.com/subscribe?u=2fda1cac544809b12bab70663&id=d8ad8ab2a0 - A paper on the peace and security implications of cybercrime: https://ifsh.de/file/publication/Research_Report/012/Research_Report_012_EN_web.pdf IFSH is at https://ifsh.de/ You can find Mischa Hansel on LinkedIn at https://www.linkedin.com/in/mischa-hansel-7207ba1a2 Visit us at https://gfcrc.org - and check out the Cybersecurity Advisors Network at https://cybersecurityadvisors.network Also check out the GFCRC video series at https://youtube.com/@gfcyber Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Jun 13, 2023
53 min

In today's episode of the Secure-in-Mind series, Joe Cozzupoli and I confront some burning topics around how to deal with artificial intelligence (AI) when confidential or critical data is involved. On the CyAN blog, Joe recently wrote about the need to balance privacy and security in AI systems - you can find that article here: https://cybersecurityadvisors.network/2023/05/03/balancing-privacy-and-security-in-ai-systems-navigating-the-cybersecurity-conundrum/ As a follow-up to this piece, we address considerations in ensuring the security and confidentiality of critical data whenever AI is used...including the idea that fundamental concepts of responsible use of data don't go away just because it's a new technology. How should existing information security policies and good practice be updated to take these new capabilities into consideration? How are regulators around the world trying to ensure that AI doesn't introduce unacceptable risk? Joe is a Senior Information Security Advisor at Microsoft in Australia, and CyAN member. All views expressed in this conversation are his personal opinions and not those of Microsoft. Visit him on LinkedIn at https://www.linkedin.com/in/jcozzupolicissp Don't forget to check out the Cybersecurity Advisors Network at https://cybersecurityadvisors.network and on LinkedIn at https://www.linkedin.com/company/cybersecurityadvisors/ Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
May 22, 2023
41 min

Dr. Jacqui Taylor and John Salomon talk about the state of diversity in the cybersecurity industry. What is the state of women in the sector, and how are neurodiverse professionals represented in information security positions? What are the current challenges facing underrepresented groups in industry, how do we see this developing in the coming years, and how can we help address current imbalances? In this conversation, we explore why, aside from it being the right thing to do, companies actually benefit from a more representative workforce. Employers with access to a broader range of skills, backgrounds, and attitudes are likely to be much more capable of managing and mastering cybersecurity risk.We also explore how younger generations are approaching this topic. How has the digital native experience of Millenials, Gen Z, and beyond shaped their attitudes towards equity, diversity, and better representation of different population groups in the technology / cybersecurity arena? How can the current generations of professionals talk to these groups and encourage them to take an interest in cybersecurity? Dr. Jacqui Taylor is CEO and founder of FlyingBinary, a UK-based deep tech innovation firm. Among numerous other activities, she is a frequent public speaker on a variety of topics around technology, geopolitics, and beyond. Check out FlyingBinary - "The home of our Cyber Security Work across the world" at https://flyingbinary.com/contact/, and on LinkedIn at https://www.linkedin.com/company/1202052 - You can find Jacqui on LinkedIn at https://www.linkedin.com/in/dr-jacqui-taylor/ For Jacqui's website "The home of the Empathy Economy and my equity mission", please have a look at https://jacqui.online CyAN's mentorship programme is announced here: https://cybersecurityadvisors.network/2023/04/12/cyan-announces-mentorship-programme/ Visit us at https://cybersecurityadvisors.network
Apr 12, 2023
43 min

Welcome Wim Hafkamp, Managing Director of Z-CERT, the Dutch healthcare CERT, and Quartermaster / Chairman of the European Health ISAC. Wim brings many years of information security leadership experience in the financial sector to his current organisation's role of supporting the cybersecurity resilience of the Dutch medical and healthcare community. In the latest in our Secure in Mind series, we discuss the issues currently facing health institutions and providers in defending against cyberattacks, complying with regulations, and working together across borders and with public sector partners. A few of the concepts mentioned in the video: EU Cybersecurity Act: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-act EU Cybersecurity Certification Framework: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-certification-framework NIS2 Directive: https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2021)689333 Attacks on Irish Health Service Executive attacks: https://en.wikipedia.org/wiki/Health_Service_Executive_ransomware_attack Ransomware attacks on hospitals in Victoria (Australia): https://www.abc.net.au/news/2019-10-01/victorian-health-services-targeted-by-ransomware-attack/11562988 (Actually I was referring to an earlier campaign but this one's more recent and equally relevant) André Mignot attack (2022): https://www.france24.com/en/france/20221205-french-hospital-suspends-operations-after-cyber-attacks Brussels ransomware case: https://therecord.media/brussels-hospital-cyberattack-belgium-saint-pierre 2023 Barcelona hospital ransomware case: https://www.bleepingcomputer.com/news/security/hospital-cl-nic-de-barcelona-severely-impacted-by-ransomware-attack/ Z-CERT's homepage: https://www.z-cert.nl/ EU Health ISAC (via the Empowering EU ISACs initiative): https://www.isacs.eu/european-isacs Find Wim on LinkedIn at https://www.linkedin.com/in/wimhafkamp/ Visit us at https://cybersecurityadvisors.network
Mar 29, 2023
38 min

Welcome Eward Driehuis, chairman of the board of CSIRT.global. Eward has a long and diverse history in the information security sector, and currently supports the mission of CSIRT.global, a not for profit vulnerability and incident management collective based in the Netherlands. Today, we talk about a wide range of topics, including - various types of malware - the evolution of visibility into different types of threat actors - different "use cases" of malware, and different perspectives of public vs. private sector defenders - objectives, tactics, techniques, and procedures (TTPs) of purely commercial criminal gangs vs. those of spies - supporting cybersecurity preparedness and resilience in small to medium size enterprises (SMEs) - Internet structural vulnerabilities - how not to annoy customers when selling information security products and solutions - the impact of cybercrime and disinformation on societal stability, and how different generations deal with this Some links to topics mentioned in the video: GameOver Zeus malware: https://www.cisa.gov/news-events/alerts/2014/06/02/gameover-zeus-p2p-malware Dyre banking trojan: https://www.secureworks.com/research/dyre-banking-trojan Dridex malware: https://www.cisa.gov/news-events/cybersecurity-advisories/aa19-339a Kaseya vulnerability (CVE-2021-30116): https://www.cvedetails.com/cve/CVE-2021-30116/ REvil ransomware attack: https://blog.qualys.com/product-tech/2021/07/08/kaseya-revil-ransomware-attack-cve-2021-30116-automatically-discover-and-prioritize-using-qualys-vmdr The Dutch Institute for Vulnerability Disclosure: https://www.divd.nl/ CSIRT.global homepage: https://csirt.global/ Eward's LinkedIn profile: https://www.linkedin.com/in/ewarddriehuis/ Visit us at https://cybersecurityadvisors.network Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Mar 21, 2023
58 min

CyAN welcomes Inti de Ceukelaire, ethical cybervulnerability researcher, and Chief Hacker Officer at Intigriti, a Belgium-based bug bounty platform. We talk about a wide range of topics relevant to legal protections of responsible vulnerability researchers and disclosure, using the recently implemented Belgian safe harbor law as a basis for discussion. Industry and society depend on timely awareness of software vulnerabilities from reliable,. ethical sources such as white hat hackers. Meanwhile, obsolete computer misuse laws in many countries make A few relevant links to topics mentioned in the video: OECD recommendations for coordinated vulnerability disclosure: https://one.oecd.org/document/DSTI/CDEP/SDE(2021)9/FINAL/en/pdf https://www.oecd.org/digital/encouraging-vulnerability-treatment-0e2615ba-en.htm OECD paper on vulnerability treatment: https://one.oecd.org/document/DSTI/CDEP/SDE(2020)3/FINAL/en/pdf Good Faith Cybersecurity Researchers Coalition: https://gfcrc.org Vulnerability reporting to the Centre for Cyber Security Belgium (CCB): https://ccb.belgium.be/en/vulnerability-reporting-ccb Intigriti blog on Belgian safe harbor framework: https://blog.intigriti.com/2023/01/19/new-belgian-legal-framework-gives-safe-harbor-to-ethical-hackers-and-bug-bounty-hunters/ Marcus Hutchins: ttps://en.wikipedia.org/wiki/Marcus_Hutchins St. Louis Post-Dispatch web "hacking" case: https://www.washingtonpost.com/media/2021/10/14/mike-parson-st-louis-post-dispatch-hacker/ Gold Standard Safe Harbour Initiative: https://www.hackerone.com/press-release/hackerone-announces-gold-standard-safe-harbor-improve-protections-good-faith-security Bonus old school cultural phenomenon mentions: Doom II: https://en.wikipedia.org/wiki/Doom_II The Cuckoo's Egg, by Cliff Stoll: https://www.goodreads.com/book/show/18154.The_Cuckoo_s_Egg Inti's LinkedIn profile: https://www.linkedin.com/in/intidc/ Intigriti: https://www.intigriti.com/ Visit us at https://cybersecurityadvisors.network and https://gfcrc.org Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Mar 20, 2023
52 min
Load more
