Security Confidential
Security Confidential
Dark Rhino Security
Security Confidential provides weekly interviews and insights into the world of cybersecurity. Produced entirely in-house by MSSP & global risk management firm Dark Rhino Security.
Dennis Underwood - CEO of Cyber Crucible
Dennis Underwood joins host Manoj Tandon in this episode of Security Confidential. Dennis shares about his military background and how he turned to cyber to help shape his career. He is an Veteran, Father, Cryptographer, Threat Hunting Expert, and Ransomware Expert. Among his 10 years of combat experience, Dennis also has over 20 years experience being an Entrepreneur.     00:00 Introduction  01:00 Military Background  10:50 A Career in Cyber  11:50 Ransomware  16:13 Executive perspective  21:46 The Cloud and How it affects you  25:30 Speed bump Security  27:07 Rate of Encryption   31:30 Cyber Crucible  39:00 Chaos Monkeys  42:40 B-Sides PGH  45:22 Outro   To learn more about Dennis visit https://www.linkedin.com/in/dennis-underwood/  Be sure to check out https://www.cybercrucible.com/  To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com
Aug 30, 2021
46 min
Mia Landsem - Hacktivist Helping Change Lives
Mia Landsem joins host Manoj Tandon in this episode of Security Confidential. From Norway, Mia discusses how a series of unfortunate events led into an astonishing Career choice. Mia has used her skills in cybersecurity to help many people. She has focused her attention on image abuse which led to a nomination in 2021 as Cybersecurity Women of The Year. She is a best selling author, has numerous TV appearances, lectured at over 300 schools, and has helped train law enforcement on pursuing criminals posting pictures of minors. 00:00 Introduction  01:16 How Mia got into Cybersecurity  03:17 Making The Olympic Team  04:27 Learnings from sports training applied to cybersecurity  07:20 Advice on Cyberbullying  09:30 Law enforcement response to Cyberbullying   11:00 The Law and illicit pictures of minors  16:54 Using Cyber knowledge to stop Image Abuse  22:21 Changing the Laws on Image Abuse  24:14 Working with the Police   29:51 Cybersecurity Woman of the Year   31:03 Privacy rules and catching pedophiles   36:20 Moving forward   42: 45 How illicit pictures are propagated   53:23 Can pedophiles recover?  55:00 Contacting Mia
Aug 17, 2021
58 min
Laura Tich-Cybersecurity Women of the Year Nominee and Founder SheHack_KE
Laura Tich, founder of SheHacks_KE and Cybersecurity Women of The Year Nominee joins host Manoj Tandon on this episode of Security Confidential. Laura along with SheHacks_KE has helped over 400 people on their Cybersecurity Career journey. She discusses: 00:00 Introduction 01:30 What led to the nomination of Cybersecurity women of the Year? 03:27 Why focus on Information Security 05:40 High tech environment in Kenya 08:20 The work of SheHacks_KE 10:44 Cybersecurity threats Kenyan business face 13:30 Cybersecurity awareness in Kenya 15:16 Personal security challenges 17:14 The people impact of SheHacks_KE 18:37 Ransomware impacts in Kenya 22:00 Providing defense in depth to organizations in Kenya 26:15 Supporting SheHacks_KE
Aug 9, 2021
27 min
Cybersecurity in the Cloud Where the Rubber Meets the Road
Sean Sweeney is a frequent author and speaker on cybersecurity. In this episode of Security Confidential Sean talks about cloud security. He has a deep background in cloud security. Sean currently leads the Field CISO and Cloud Security Advisor group within Oracle North America Cloud Engineering.  In his prior role Sean was with Microsoft where he was the Global Chief Security Advisor. Sean is a previous Chief Information Security Officer at the University of Pittsburgh, and Litigation Support Applications Manager for the U.S. Department of Justice. Sean began his career as a Database Administrator for ExxonMobil and the U.S. Department of the Interior. 00:09 Sean Sweeney’s Background  01:38 From DB Admin to CISO  05:00 Helping Dave Hickton prosecute cyber criminals  06:52 The future of cybersecurity  07:20 SAS, PAS, IAS-Your responsibilities in cloud cybersecurity  13:33 If IP is exfiltrated from the cloud app, whose responsible?  14:30 What gets popped in the cloud environment!  15:23 What is the difference between zero trust and SASE?  19:45 What is the order of implementing elements of SASE or Zero Trust  23:10 The role of MDM in BYOD  26:54 Too much friction is a risk  32:27 Should the CISO work for the CIO?  36:58 How do you secure hybrid cloud environment?  42:34 Accelerator Program at Oracle  45:49 Dealing with Ransomware  50:26 Struggling with vulnerability management To learn more about Dark Rhino Security
Jul 26, 2021
55 min
You Are What You Risk
#SecurityConfidential #DarkRhinoSecurity Strategist and best-selling author Michele Wucker coined the term “gray rhino” for obvious, probable, impactful risks, which we are surprisingly likely but not condemned to neglect. The metaphor has moved markets, shaped financial policies, and made headlines around the world. It became a frame for the ignored warnings that led to the COVID-19 pandemic and a lyric in a hit BTS single about depression. Michele’s 2019 TED Talk has attracted 2.5 million views. She is the author of four books including the global bestseller THE GRAY RHINO: How to Recognize and Act on the Obvious Dangers We Ignore; and the new book YOU ARE WHAT YOU RISK: The New Art and Science of Navigating an Uncertain World. A former media and think tank executive who began her career writing about emerging market finance, Michele is founder of the Chicago-based strategic advisory firm, Gray Rhino & Company. She speaks regularly to high-level audiences on risk management, the global economy, and decision-making, and is quoted often in leading media. She has been recognized as a Young Global Leader of the World Economic Forum and a Guggenheim Fellow, among other honors. Visit her website at www.thegrayrhino.com or www.wucker.com; follow her on twitter @wucker.   00:00 Introduction 01:22 How the name Grey Rhino was coined  05:45 Why companies put off dealing with Risk  10:55 What is an individual’s risk fingerprint  12:26 Does nature or nurture win on defining One's risk fingerprint?  14:01 Are there one or two that stand out in shaping One's risk fingerprint?  21:28 Millennials and risk   24:58 The risk muscle  28:09 Building your risk muscle  34:05 Genetics and risk  40:00 How to change an organization's risk fingerprint  45:30 https:/Thegreyrhino.com  45:53 Newsletter Around my Mind
Jul 13, 2021
46 min
How to Build a Great Cybersecurity Program
Naomi Buckwalter joins Security Confidential as a guest on this episode. Naomi has over twenty years of experience in Cybersecurity, two degrees from Villanova, and has worked at great companies like Vanguard. She brings her wealth of knowledge on Cybersecurity and discusses all the foundational elements of a great cybersecurity program from hiring the right people, Cybersecurity's effects on everyday life, shifting left in Cybersecurity to enhance it, using Cybersecurity as a revenue generator, all the way to quantifying risk and explaining it to the C-Level. There is something in this discussion for everyone interested in Cybersecurity. 00:00 Introduction  01:18 The demand gap in Cybersecurity for personnel  12:06 Cybersecurity bleeding into everyday life   19:11 Gatekeeper and created hindrances in Cybersecurity  19:45 Crafting a defense in depth architecture  23:00 The importance of explaining of the why in Cybersecurity to people  25:00 Christian Espinosa The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity  25:46 Diversity of thought  28:00 Convincing executives to take on fresh Cybersecurity talent  32:00 Is being a women in Cybersecurity is a plus?  37:20 Shifting left in Cybersecurity-what is that?  44:10 Quantifying and communicating cyber risk to the c-level  46:14 Understanding corporate revenue channels and their importance to Cybersecurity  47:37 Using Cybersecurity as a revenue generator  51:38 Cybesecuritygatebreakers.org
Jul 6, 2021
54 min
The Seven Conversations in Cybersecurity to Increase Deterrence for Criminals
#SecurityConfidential #DarkRhinoSecurity  Charles Herring, CTO of witfoo, joins this episode of Security Confidential. Charles started his career in Information Security in 2002 with the US Navy, serving as the Network Security Officer at the US Naval Postgraduate School. Charles has been a contributing product reviewer for InfoWorld Magazine and spent 7 years running Herring Consulting a firm dedicated to process orchestration. Charles is dedicated to maturing the craft of Infosec. 00:00 Introduction  02:12 Getting a start in Cybersecurity and transition to civilian life   13:22 7 unstable conversations in Cybersecurity  14:40 Establishing a unit of work-increasing deterrence  20:04 Law Enforcement success with cyber crimes-Sharing Information  24:34 How to vet the quality of Threat Intelligence  26:47 Dealing with the Unknown-Unknowns-Zero Day Attack  33:26 1st unstable conversation-understanding all the data from the toolsets  36:36 2nd unstable conversation-managing the investigators  37:28 3rd unstable conversation-security practice communicating with the business  40:23 4th unstable conversation-security vendors lie  41:42 5th unstable conversation-challenges in sharing information by orgs  42:00 6th unstable conversation-law enforcement sharing information  42:04 7th unstable conversation-law enforcement lacks evidence to prosecute  43:30 What is witfoo?  48:24 https://www.logfibber.com  50:10 Breaking in Bad
Jun 28, 2021
52 min
TechVibe Radio Busts Cybersecurity Myths!
Manoj Tandon, one of the founders of Dark Rhino Security, appeared on Pittsburgh Technology Council's TechVibe Radio on ESPN 970. This is a complete repost of the show which is wholly owned and operated by the Pittsburgh Technology Council. The Mythbusting in Cybersecurity starts at time marker 15:55. Please subscribe and leave your comments.
Jun 21, 2021
29 min
OpenSource Software and Cybersecurity
#SecurityConfidential #DarkRhinoSecurity Fredrik Oedegaardstuen joins Dark Rhino's Security Confidential to discuss Open Source software in cybersecurity. Fredrik the is the CEO of Shuffle, an automation platform. He has been a software engineer and has extensive experience in SOC operations in an MSSP environment. Fred discusses many topics ranging from monetizing open source software, myths with open source, architecture and design, silver bullets in cybersecurity, and provides cautionary advice. 02:34 Why Tokyo  04:13 Open source and cybersecurity  06:37 Monetizing Open Source Software  12:17 Myth of Open Source tools being not that secure  13:29 Shuffle-The security automation platform  18:40 Architecture of Shuffle inspired from the NSA  26:21 Integration of disparate systems  32:26 Tools and Silver Bullets in Cybersecurity  34:09 Does the role of the analyst change with Shuffle?   40:04 Cautionary advice on automation Frikkylikeme is Fredrik's Twitter Handle
Jun 14, 2021
46 min
Protecting Critical Infrastructure to Compliance and Giving Back
Hans Vargas Silva joins this episode of Dark Rhino Security's Security Confidential Podcast and Videocast. Hans is a leader in cybersecurity leader. He has extensive experience in the field. Hans has worked with Sallie Mae and is currently with Marathon Petroleum. He has a great academic background with degrees and certificates from Purdue, MIT, and Harvard. He provides his thoughts and experiences on protecting critical infrastructure from cyber intrusions, compliance and cybersecurity, giving back to the community and much more.   01:13 How Hans got into Cybersecurity  04:00 How education shapes a career in Cybersecurity  08:56 Critical Infrastructure and Cybersecurity  19:40 Compliance is a low bar for Cybersecurity  23:57 Incomplete deployments of Cybersecurity solutions   24:49 How to communicate cyber risk  29:58 The dilemma of regulators  34:44 Sharing security information with the Federal Gov’t  39:20 Contributions to infosec from academia  42:25 Giving back and volunteering   To learn more about Team Rubicon
Jun 7, 2021
51 min
Load more