Your favorite cybersecurity evangelist waxes solo and prattles on about patching in this no frills episode of TCE.
Otros episodios de "The Gate 15 Podcast Channel"
The Gate 15 Interview EP 19. Ronnie Tokazowski, Principal Threat Advisor at Cofense on Business Email Compromise (BEC), 419 scams, Indian food, and so much more!
1:09:48Please enjoy this episode of The Gate 15 Interview podcast on Anchor, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts. In this episode of The Gate 15 Interview, Andy Jabbour speaks with Ronnie Tokazowski, Principal Threat Advisor at Cofense. Ronnie is a recognized expert cybersecurity researcher with success in reverse engineering both crimeware and Advanced Persistent Threat malware, including creation of decoders and indicators for detecting malicious attacks. When he’s not frustrating bad guys, Ronnie is an accidental YouTuber, likes cooking, spicy food, and memes. Ronnie on Twitter, @iHeartMalware. Ronnie’s YouTube channel: Ronnie Rants. In the discussion we address: Ronnie’s background and the work he’s doing at Cofense Business Email Compromise (BEC) Voodoo (no, seriously…) Ronnie’s hair and more! “(at Cofense), we try to go back to the human…” – Ronnie Tokazowski, during our discussion, 10 Jan 2022 A few references mentioned in or relevant to our discussion include: What 6 Years of Success in a Global Takedown Operation Looks Like, and How You Can Do It, Too, a Medium post by Ronnie, 02 Jan Cofense Faith-Based Information Sharing and Analysis Organization (FB-ISAO) FBI on Business Email Compromise (numerous links to BEC related information from the FBI) FBI 2020 IC3 Annual Report & 2020 State Reports G4 Boyz x G4Choppa "Scam Likely" (Official Video) G4 Boyz feat. G4Choppa - SBA Job (Official Music Video) G4Choppa & G4 Boyz - “In Scam We Trust” (Official Music Video - WSHH Exclusive) Here’s Ronnie providing some commentary: Fun with Fraudsters - Reacting to SBA Job by G4 Boyz Cofense Wins AI-Based Cybersecurity Solution of the Year in 2021 CyberSecurity Breakthrough Awards, 05 Oct 2021 Cofense Joins Microsoft Intelligent Security Association (MISA), 26 Oct 2021 Channel Insider: Best Email Security Providers & Services 2022, 23 Dec 2021 Traffic Light Protocol (TLP) Definitions And Usage, via CISA In our discussion, Ronnie mentions Brian Krebs’ Krebs on Security blog (and on Twitter, @briankrebs). Some links to his BEC-related posts can be accessed here.
The Cybersecurity Evangelist: Ep 15 - Happy New Cyber Habits 2022!
29:58This first TCE episode of 2022 (and first video - on Spotify) includes a few gentle and some not-so-gentle reminders on cybersecurity best practices and practices for better cyber hygiene. I start with a few cybersecurity controls for businesses to buckle down on this year, including identifying assets, vetting vulnerabilities, and pursuing more potent password policies. Then, I actually persist on the password point with some pontification about our predilection for problematic passwords and propose pointers for a more polished password posture. While there’s probably nothing new in this episode, I hope it serves as a gentle nudge to promote better cyber hygiene habits – not just resolutions for 2022, but positive habits to develop for all-time toward a more cyber secure you! I also evangelize for a new CISA resource - the Known Exploited Vulnerabilities Catalog. Other resource mentioned in this episode: https://www.consumer.ftc.gov/articles/password-checklist
The Gate 15 Interview EP 18. RILA Perspective on Organized Retail Crime, plus Mama’s Meatballs, Country Music and Jersey Rock n’ Roll
1:02:42The Gate 15 Interview: RILA Perspective on Organized Retail Crime, plus Mama’s Meatballs, Country Music and Jersey Rock n’ RollIn this episode of The Gate 15 Interview, Andy Jabbour speaks with two leaders from the Retail Industry Leaders Association (RILA), Ms. Lisa LaBruno, RILA’s Senior Executive Vice President of Retail Operations, and Mr. Michael Hanson, RILA’s Senior Executive Vice President of Public Affairs. The RILA “is the U.S. trade association for leading retailers. RILA partners with leading retailers to meet the challenges of a dynamic economy. Through collaboration and thought leadership, we advance ideas that foster free markets, competition, economic growth, and sustainability.” RILA on Twitter, @RILATweeets.In the discussion we address: The enduring threat of Organized Retail Crime (ORC) Private sector activity relating to ORC Private-public partnership and legislative action on ORC RILA’s focus for 2022 Country music, meatballs, Springsteen, and more! A few references mentioned in or relevant to our discussion include: RILA website - https://www.rila.org Real Estate Information Sharing and Analysis Center (RE-ISAC) RILA: CEOS Call on Congress to Address Surge of Retail Crime, 09 Dec 2021 The Buy Safe America Coalition Impact of Organized Retail Crime and Product Theft, Buy Safe America The INFORM Consumers Act of 2020, Buy Safe America Retailers Press Amazon to Back INFORM Consumers Act, Buy Safe America, 27 Aug 2020 Durbin, Cassidy, Grassley, Hirono, Coons, Tillis Introduce Bill to Ensure Greater Transparency for Third-Party Sellers of Consumer Products Online (The Integrity, Notification, and Fairness in Online Retail Marketplaces for Consumers [INFORM Consumers] Act), 23 Mar 2021 Amazon: INFORM Act punishes small businesses and favors one particular business model, 28 Apr 2021 Buy Safe release announcing the study: Retail Theft Balloons to over $68 Billion, Buy Safe America Homeland Security Express Concern on Retail Crime, Buy Safe America ‘What is organized retail crime? Organized retail crime (ORC) refers to professional shoplifting or other theft occurring in retail stores. These criminals are increasingly turning to online marketplaces to quickly and discretely move mass quantities of stolen merchandise. Unfortunately, these criminal rings are growing more brazen and violent, putting the safety of customers and store employees in jeopardy. Organized rings are often involved in other crimes within the community, including narcotics, money laundering and human trafficking.’ – Buy Safe America, https://www.buysafeamerica.org/myth-vs-facts Lisa LaBruno is RILA’s Senior Executive Vice President of Retail Operations. In this role, LaBruno leads RILA’s efforts in the association’s key retail disciplines including asset protection, store operations, supply chain and e-commerce. She directs all research initiatives, educational programming for the annual LINK and Retail Asset Protection conferences, and executive networking to promote operational excellence within the industry. She has 30 years of relevant experience in both the public and private sector, including as an assistant prosecutor (Hudson County, NJ), in-house attorney at the Archdiocese of Newark and in-house attorney at The Home Depot and serves on the Board of Directors of the Loss Prevention Foundation. Michael Hanson is RILA’s Senior Executive Vice President of Public Affairs, overseeing the Association’s government affairs and communications arms. Hanson is responsible for identifying the industry’s top public policy challenges and working with both leading retailers and key stakeholders to elevate the industry in Washington, DC and across the country. Hanson most recently served as chief public policy officer at Sabre, a leading travel technology company, where he led legi
Nerd Out Security Panel Discussion: EP 20. Retail crime and the year it was!
47:55The last Nerd Out episode of the season comes out strong talking about retail crime as Bridget shared stories of her busting out shoplifting trends, and then talking about the larger security issues at play (specifically overwhelming security) with the latest smash and grab incidents during the holidays. Joe then talked about the ways that these type of issues could spread to other sectors and encouraged organizations to evaluate their processes and training. The nerds then turned the clock back to look at some of the takeaways from 2021 while looking ahead to 2022 to see what organizations can do to start planning for. And for all the areas that were covered, there were so many more highlighting the continued challenge that organizations face. Wrapping up the year on a fun note, the merry band of nerds talked about their favorite holiday movie. Can you guess them all? It's been quite a year for the Nerd Out podcast and we want to wish you all a safe holidays, and we are looking forward to a great 2022! Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: [email protected]; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
The Risk Roundtable: EP 25. Holiday scams, reporting and year end fun!
47:41In the latest episode of the Risk Roundtable, Andy leads the team through a review of the latest risks facing individuals and organizations. Jen decked the halls talking about the latest holiday scams that continue to bring coal to good boys and girls. Then Dave talked about the latest school shooting in Michigan and tried not to be a Scrooge by talking about some positive take-aways while highlighting important lessons still to be learned in Christmas future. Then, while Dave danced to spinning the wheel in his head, the roundtable talked about their favorite moments from across the Gate 15 Podcast Channel, after all, we are living in a physical world (Jen). The podcast wrapped up with some holiday cheer talking about favorite television or movies for the season. From all of us at Gate 15, to all of the security teams and organizations around the world, here is hoping for a happy holidays and a wonderful 2022! Companies Linked to Russian Ransomware Hide in Plain Sight. Cybersecurity experts tracing money paid by American businesses to Russian ransomware gangs found it led to one of Moscow’s most prestigious addresses. https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html Gate 15 Releases a White Paper with an Update to the Hostile Event Attack Cycle. https://gate15.global/gate-15-releases-a-white-paper-with-an-update-to-the-hostile-event-attack-cycle/ Known Exploited Vulnerabilities Catalog | CISA. https://www.cisa.gov/known-exploited-vulnerabilities-catalog Advanced threat predictions for 2022. Over the past 12 months, the style and severity of APT threats has continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to predict what might lie ahead in the coming year. https://securelist.com/advanced-threat-predictions-for-2022/104870/
The Gate 15 Interview EP 17. Bob Kolasky talks critical infrastructure, risk, Guns N’ Roses and pizza
45:48In this episode of The Gate 15 Interview, Andy Jabbour talks with Robert (Bob) Kolasky, Cybersecurity and Infrastructure Security Agency’s (CISA) Assistant Director, leading the National Risk Management Center (NRMC) since 2018. At the NRMC, Bob “oversees the Center’s efforts to facilitate a strategic, cross-sector risk management approach to cyber and physical threats to critical infrastructure. The Center provides a central venue for government and industry to combine their knowledge and capabilities in a uniquely collaborative and forward-looking environment. Center activities support both operational and strategic unified risk management efforts. ” Bob’s complete DHS bio (https://www.cisa.gov/bob-kolasky). Bob on LinkedIn (https://www.linkedin.com/in/bob-kolasky-92ab554/). Bob on Twitter, @BobKolasky. In the discussion we address: • Bob’s background • The CISA National Risk Management Center • Election security and election integrity • DHS’s role in 5G risk management • DSH and climate change • Designated sectors of critical infrastructure and some potential upcoming changes • Growing up Gen X, music, pizza and more! A few references mentioned in or relevant to our discussion include: About the NRMC: • The Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) • Visit the NRMC Initiatives to learn more about each initiative - https://www.cisa.gov/nrmc-initiatives • Visit the NRMC Newsroom for the latest press releases, media advisories, and blog articles - https://www.cisa.gov/nrmc-newsroom • Download and share the National Risk Management Center Fact Sheet - https://www.cisa.gov/publication/national-risk-management-center-fact-sheet Additional background (general): • NSA-CISA Series on Securing 5G Cloud Infrastructures • Auto-ISAC. We tipped our hats to Auto-ISAC Executive Director, Faye Francy. • The Elections Infrastructure Information Sharing and Analysis Center™ (EI-ISAC®) was established by the EIS-GCC to support the cybersecurity needs of the elections subsector. Through the EI-ISAC, election agencies will gain access to an elections-focused cyber defense suite, including sector-specific threat intelligence products, incident response and remediation, threat and vulnerability monitoring, cybersecurity awareness and training products, and tools for implementing security best practices • White House: Readout of President Joseph R. Biden, Jr. Call with President Vladimir Putin of Russia, 09 Jul (RE: ransomware). • White House: FACT SHEET: Ongoing Public U.S. Efforts to Counter Ransomware, 13 Oct. • White House: Background Press Call on the Virtual Counter-Ransomware Initiative Meeting, 13 Oct. • White House: Joint Statement of the Ministers and Representatives from the Counter Ransomware Initiative Meeting October 2021, 14 Oct. Space as critical infrastructure: • The Gate 15 Interview Ep. 16: Erin Miller, Executive Director, Space ISAC. Securing Space Infrastructure (and terrestrial critical infrastructure too!) • INSA: Designating Space Systems As New U.S. Critical Infrastructure Sector, 02 Nov. • Space hacking risks pose cyber policy test for Biden admin, 02 Nov. • Aspen Institute Panel: Space as Critical Infrastructure, 03 Nov. • Space could be the next frontier for cyber threats, 08 Nov. • FACT SHEET: Vice President Harris Announces Initiatives on Space and Cybersecurity, 10 Nov. Faith-Based organizations as critical infrastructure: • Security Debrief: A Letter to the Trump Administration – Establish a Faith-Based Sector of Critical Infrastructure, 15 Jun 2020. • The Cybersecurity Evangelist: EP 8 – The ISAC Series, Part 4 – Faith-Based ISAO Climate Change: • DHS Actions: Climate Change - https://www.dhs.gov/dhs-actions-climate-change • White House Fact Sheet: Prioritizing Climate in Foreign Policy and National Security, 21 Oct. • DHS Strategic Framework for Addressing Climate Change. “The U.S. Department
Nerd Out Security Panel Discussion: EP 19. Talking Crowd Control and the Holidays - in 2 Parts!
57:07In the latest episode of Nerd Out, this is a very special two parter. In the first part, the nerdies (Bridget and Joe) talk about the fallout from the Houston Astropark disaster ranging from the considerations that go into the event planning, and whether there should be a blame game. And then they look at how threat actors may use this event for future threat planning (note the Hostile Events Attack Cycle) before turning their attention to the latest National Terrorism Advisory System Bulletin release and what it could mean for the holidays. In part two, Dave welcomes in Tamara Herold and goes a little deeper into the Houston incident and what it could mean for events moving forward. Some references brought up in the podcast: Example of Crowd wave: https://www.youtube.com/watch?v=BgpdmAtbhbE Crowd Dynamics: https://www.youtube.com/watch?v=kmqsc7srIfY and https://www.youtube.com/watch?v=Txrs4ssiAz0 Roger Federer saves kid: https://www.youtube.com/watch?v=RymfiBXKuMQ 2018 Concert in Italy: https://celebrityaccess.com/2018/12/08/all-ages-concert-stampede-in-italy-leaves-at-least-6-dead/ Dave Pounder is a Senior Risk Analyst for Gate. Twitter: @dpounder; email: [email protected] Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: [email protected]; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/ Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ Tamara D. Herold, Ph.D., Associate Professor, Graduate Director, University of Nevada, Las Vegas (UNLV) Director, Crowd Management Research Council Department of Criminal Justice. Twitter: @advancetheline and @herold_tamara
The Risk Roundtable: EP 24. Are you Living in the Physical World?
44:21In the latest Risk Roundtable, Andy, Dave and Jen ponder whether or not we live in the physical world or if a little time off took Jen to a whole new dimension. Kicking off with another acronym soup month, the team looks at Critical Infrastructure Security and Resilience Month and the downstream impacts that can affect organizations who fail to incorporate for critical infrastructure into their preparedness plans. Then roundtable talked about the recent warning of terrorist capabilities to strike the U.S. as well as whether organizations are better prepared today to address a crisis than they were pre-COVID. In the process, the team came up with a new term - "Preparedness Calculus" - and whether organizations are evaluating events and factoring that into their preparedness process. The discussions wrapped up with Andy's three questions involving some favorite fall themes - warm clothing, turkey, and the Lion's losing. But before signing off, Dave had to talk about his enjoyment for Dune, but did he show some hypocratic tendencies? Some links to items discussed in the podcast included: White House Critical Infrastructure Month Proclamation. https://www.whitehouse.gov/briefing-room/presidential-actions/2021/10/29/a-proclamation-on-critical-infrastructure-security-and-resilience-month-2021/ CISA Infrastructure Security Month Materials: https://www.cisa.gov/infrastructure-security-month https://www.cisa.gov/publication/guide-critical-infrastructure-security-and-resilience (2019) https://www.cisa.gov/publication/methodology-assessing-regional-infrastructure-resilience (June 2021) Critical Infrastructure Sectors. https://www.cisa.gov/critical-infrastructure-sectors See Something Say Something. https://www.dhs.gov/see-something-say-something See Something Say Something: Report Suspicious Activity. https://www.dhs.gov/see-something-say-something/how-to-report-suspicious-activity Webinar: Getting Started Now: Pandemic Preparedness After-Action Reports, 10 Apr 2020. https://gate15.global/webinar-getting-started-now-pandemic-preparedness-after-action-reports/ Webinar Recording: Getting Started Now: Pandemic Preparedness After-Action Reports, 17 Apr 2020. https://gate15.global/webinar-recording-getting-started-now-pandemic-preparedness-after-action-reports/ REN-ISAC and report: https://www.ren-isac.net/public-resources/workshops/index.html & https://www.ren-isac.net/public-resources/2021_REN-ISAC_Blended_Threat_Workshop_Final_Report.pdf
The Gate 15 Interview EP 16. Erin Miller, Executive Director, Space ISAC. Securing Space Infrastructure (and terrestrial critical infrastructure too!)
33:22In this episode of The Gate 15 Interview, Andy Jabbour talks with Erin Miller, Executive Director for Space ISAC (https://s-isac.org). “The Space ISAC serves to facilitate collaboration across the global space industry to enhance our ability to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for the sector with respect to this information.” Erin on Twitter (@erinmarmiller). Erin on LinkedIn (@erinmarlenemiller). In the discussion we address: Erin’s background Space ISAC, now and into the future Blockchain in space Threats, risks and working with the community to secure space infrastructure Erin weighs in on important issues, including the great Pluto debate (!), and more in our three questions segment And more! Please enjoy this episode of The Gate 15 Interview podcast on Anchor, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts. ‘We are on a journey and our journey is multi-decades long…’ A few references mentioned in or relevant to our discussion include: Microsoft blog: Microsoft joins Space ISAC as founding member to further space cybersecurity intelligence, 23 Jun 2021 - https://blogs.microsoft.com/blog/2021/06/23/microsoft-joins-space-isac-as-founding-member-to-further-space-cybersecurity-intelligence/ Space ISAC members and membership - https://s-isac.org/membership/ Andy shares a favorite space tweet - https://twitter.com/andyjabbour/status/1450449282318979074?s=21
Nerd Out Security Panel Discussion: EP 18. Dave Solo?! Talking Recent Events and Preparedness
30:57In the most recent episode of Nerd out, and as accurately described by Ron Burgundy it could be a horrible news story but Dave goes solo to talk about the recent events. These include the Norway Bow and Arrow attack, the murder of a British Member of Parliament, and two of the more recent insider threat attacks and how organizations can learn from these events and improve their security posture. Dave then goes a little pop culture to talk about his three favorite security movies and shows. He also uses these references to talk about how organizations can build and nuture their own intelligence analysts and the value they can bring to an organizations. Rough transitions aside and some help from Ron Burgundy and Syndrome aside the panel will return for next month as they look ahead to what should be a busy holiday season.