National Cybersecurity Awareness Month (NCSAM) is October! In this special week 3 of 4 of NCSAM episode we are speaking to consumers and individuals about passwords - those security things we all love to hate. But still, we have to protect the
National Cybersecurity Awareness Month (NCSAM) is October! In this special week 2 of 4 of NCSAM episode we are speaking to consumers and individuals about device security. All your phones, TVs, and routers and such. Protect yourself, and not j
Some reality about security startups, the fool's gold and FOMO-stress of fame in social media and conferences for cybersecurity, some career advice, Bill has some great advice about what makes a good organization and some criteria for buying co
Greg and Bill talk some cybersecurity history about the Orange Book, and how fundamentally the approach to what we put security into has changed. Big IT vendors have trouble with security because it isn't their core business.
Bill and Greg cover the history of app security testing, why it is neglected, web application firewalls, code scanners, and how the devsecops loop is still mostly aspirational. Some thoughts on Zero Trust, and ... The Zachman Framework! DEFCON
Greg and Bill discuss, if in charge for a day, what they would change in cybersecurity to break the cycle we are in. Greg has big issues about that meeting of CEOs concerning cybersecurity at the White House. Bill talks defect analysis. How cha
We start out with a few presentation tips, and do a status check on these unprecedented pajama-bottom wearing times. How the cybersecurity culture in companies will be different in 2022. Complexity in the new hybrid telework/in-person will be
Balancing security education with security technology. Real risk: livestock are a bigger threat than sharks, and what about self-driving cars. The role of federal governments in tamping down ransomware activity. Small and Midsize Organization s
Was in-person RSAC only a year ago? Selling passwords for candy bars, thinking back to RSA 2020, the good and bad of virtual events, and green M&Ms. Virtual cybersecurity events need to be a rethinking of the event format, not the worst of both
Bill and Greg dissect parts of the SolarBurst and water filtration hacks, and Bill confirms that all criminals wear hoodies so Greg proposes banning hoodies. We cover the issues of Supply Chain security.
Brian Reed is proof that you can be smart, nice, a great father, and successful in security. Brian is a long time Atlantan (the city in Georgia, not the underwater one) and has been doing security at IBM, ISS, Gartner and Proofpoint. Brian talks
Bill shines a flashlight on the truth about 5G radiation, and shares his chicken recipes to demonstrate the difference in spiciness. We get serious about the security relationship between IoT and 5G and why they are so closely linked. Bill
Greg and Bill interview John Pescatore from SANS about what's going on in the whacky world of cybersecurity. We cover a lot of ground including the breadcrumbs that attackers leave, the history of SANS, what are the big topics in the SANS commu
Bill updates us on some recent threat and vulnerability reports. Greg thinks that all CIOs need an animatronic CISO hype-man, and that people would pay money to have sanctions against them announced by an evil foreign government. Our oddball se
Live (virtually) from Black Hat we give an update on what is being focused on. We agree that presenting without a live audience requires a different approach than live stage presentations. Bill reaches for smelling salts when confronted with
Bill and Greg cover the recent Twitter breach and try and unpack what maybe happened and what lessons we can learn from it. We invent a security axiom of "Occam's Younger Dumber Brother's Razor". We recount some insider cases, how too often goo
We take a helicopter up a few thousand feet to suss out what cloud security is really about. What security problems does cloud fix? What security problems does it introduce? One hypothesis is that a lot of IT is unnecessarily 'custom', and so
Current events are highlighting the nasty issues around privacy and broad surveillance. As some companies announce they will no longer support certain applications of facial recognition we discuss the shift in privacy to being up to the indivi
We discuss the issues of dishonesty in cybersecurity marketing, that it's OK to not speak at security conferences, a bunch of non-traditional book references for cybersecurity, and our favorite conferences. And Bill ends up in Facebook jail f
Bill gets thrown in Facebook jail for crimes involving cat videos. We talk about the importance of minimizing. Peak awesomeness is achieved when Bill gives us the security book recommendations from our listeners. And we lose our minds and go
We return after Bill has recovered from a denial of service attack, and cover the basics of where MITRE ATT&CK fits into the security world, and how Greg is a fan of it after his initial skepticism. Where does IoT fit into MITRE? Bill poses a
We kick off with much discussion on CISOs: the secrets and qualities of successful ones, where they fit into the org chart, and their role and how that has changed. XDR - what is it? We try and parse out what XDR means vs platforms, how it hel
There's a lot of discussion about webconferencing security, so we do some more! We agree on and name the must-see movie about spies, the difference between stealth and force in locks and lockpicking, attackers playing the long game, and Bill me