Brilliance Security Magazine Podcast
By Steven Bowcut
Brilliance Security Magazine PodcastApr 11, 2022
Security Risks Associated with SaaS Applications
In this exciting episode of Brilliance Security Magazine, host Steven Bowcut sits down with Nick Harrahill, the Director of Support at Spin.AI, a company that is transforming the way businesses approach security in the SaaS environment.
The pair delve into the intricacies of the modern SaaS landscape and why it has become so crucial for enterprises to recognize and mitigate the security risks inherent within it. Nick provides invaluable insights from Spin.AI’s recent report, highlighting the prevalence and potential dangers of third-party SaaS applications and browser extensions, specifically in Google Workspace and Microsoft 365 environments.
Additionally, Steven and Nick discuss practical strategies for businesses to evaluate the risk levels of the SaaS applications they are currently using and much more. They delve deep into the current state of SaaS security and explore innovative approaches to make your digital workspace safer and more secure.
Whether you're a cybersecurity professional or just interested in the field, this conversation offers a wealth of information about the increasingly important topic of SaaS security.
About our Guest
Nick Harrahill is an experienced cybersecurity and business leader. His industry experience includes leading security teams at enterprise companies such as PayPal and eBay, as well as building programs, processes, and operations at cybersecurity start-ups. Nick has managed teams focused on vulnerability management, application security, third-party risk, insider threat, incident response, privacy, and various facets of security operations.
Don't miss this episode if you want to stay informed about the latest trends and challenges in SaaS security. Listen in to understand how you can better protect your business in the dynamic and often challenging landscape of SaaS applications. Tune in today to expand your knowledge and stay ahead of the curve!
Automated Cloud Infrastructure Remediation
In this riveting episode of the Brilliance Security Magazine podcast, Steven Bowcut sits down with Bob Bregant, COO & Co-founder of OpsHelm, and Lee Brotherston, Founding Engineer at OpsHelm, to delve into the top three cloud security challenges faced by cybersecurity professionals today. Bob and Lee offer valuable insights into how OpsHelm is addressing these pressing concerns and provide expert advice on tackling them.
Our guests highlight the magnitude of the problems associated with cloud misconfiguration and share best practices to mitigate these risks effectively. Listen in as they discuss real-world examples and solutions, equipping cybersecurity professionals with the knowledge they need to stay ahead of the curve in this ever-evolving industry.
About our Guests
Bob Bregant spent the last decade-plus growing from managing ticket queues to managing systems, organizational security initiatives, security teams, and clients. He has worked with startups, governments, non-profits, and the Fortune 50 — seeing the unique quirks and, more often, finding the common threads that seem to exist across organizations of all stripes.
Lee Brotherston is a seasoned security leader with decades of experience at all levels of security and is the co-author of the hugely successful O'Reilly "Defensive Security Handbook." With a knack for security research, Lee is regularly invited to speak at security conferences like B-sides, BlackHat, and Defcon.
Don't miss this enlightening conversation with industry leaders as they navigate the complex landscape of cybersecurity and empower listeners with actionable strategies to strengthen their defenses. Tune in to the Brilliance Security Magazine podcast now!
How to Secure Your Supply Chain and Get Visibility Into Your Software Security
Welcome to Brilliance Security Magazine podcast, where we discuss the latest trends, challenges, and innovations in the cybersecurity industry. In this episode, host Steve Bowcut interviews Ben Chappell, CEO, and Roger Neal, Head of Products, at Apona Security. Apona Security is a leading provider of Software Composition Analysis (SCA) technology with patented analytics. The topic of the show is "How to Secure Your Supply Chain and Get Visibility Into Your Software Security," where Ben and Roger share their approach to software security and talk about how their platform is unique. The discussion dives into the importance of organizations prioritizing their security as a core part of their development process.
During the podcast, Ben and Roger discuss the importance of securing the software supply chain, which has become a critical component of cybersecurity in recent years. They discuss the challenges organizations face and share their approach to mitigating cyber risks. They explain how Apona Security's platform helps organizations gain visibility into their software security by analyzing the software supply chain and identifying potential vulnerabilities.
Ben and Roger emphasize that security should be a core part of the development process, not just an afterthought. They also highlight the importance of educating developers and engineers on secure coding practices to prevent security vulnerabilities in the software.
Moreover, they explain how Apona Security's patented analytics technology sets them apart from other SCA vendors, providing a comprehensive view of the software supply chain and identifying all dependencies and vulnerabilities. They also discuss the importance of continuous monitoring and assessment of the software supply chain, as new vulnerabilities are discovered and patched regularly.
The discussion highlights the need for proactive measures to protect against potential security threats and the role of technology in helping organizations achieve this goal.
About our Guests
Ben Chappell is an accomplished cybersecurity leader with a wealth of experience in the field. He currently serves as the CEO of Apona Security, where he leads a high-performing team with an OpEx business model, positioning the company as a leader in SCA (Software Composition Analysis) and SAST (Static Application Security Testing). Outside of the office, Ben is a devoted family man, husband, and father of two children. He serves as a head soccer coach in his community. With his extensive global leadership background and passion for innovation, Ben Chappell is poised to drive Apona Security to new heights in the cybersecurity industry.
Roger Neal is the Head of Products at Apona Security, a leading provider of cybersecurity solutions. Roger has a strong background in both athletics and technology, having been a Division One athlete and earning his degree in Information Systems. After graduation, he shifted his focus to cybersecurity and has since become a seasoned professional in the field. In his current role, Roger is responsible for overseeing the development and execution of Apona's product strategy, ensuring that the company's solutions remain at the forefront of the industry. Through his leadership and expertise, Roger has helped Apona Security continue to deliver cutting-edge cybersecurity solutions to clients worldwide.
Lessons Learned From the LastPass Attack
Welcome to S5E6 of the Brilliance Security Magazine Podcast, where we bring you interviews with top security professionals in the industry. In this episode, our host Steve Bowcut is joined by Eric Kedrosky, the CISO at Sonrai Security, to discuss the recent LastPass cyber attack. Eric and Steve dive into the details of how the attack was discovered, the root causes of the breach, and what lessons security professionals can take away from this event. Join us for this insightful conversation on the latest threat to our cybersecurity.
About our Guest
Over the last two decades, Eric Kedrosky has honed his knowledge of Security Program Development, Security Strategy, Security Assessment, Research & Policy Development, and Leadership Development. His passion for collaborating with customers and executives has made him a crucial member of the Sonrai Security team. Few people have the combination of technical and communication skills that have pushed him to the forefront of cloud security assessment and development. Eric graduated from Carleton University in Ottawa, Canada, with a Bachelor of Computer Systems Engineering.
Supply Chain Attacks and Open Source Libraries
In this episode of Brilliance Security Magazine's podcast, host Steve Bowcut interviews Idan Wiener and Bogdan Kortnov of Illustria about the potential risks open-source libraries pose in the context of supply chain attacks. They discuss the current state of these threats and what organizations should be aware of when it comes to open-source libraries. Wiener and Kortnov give details regarding the vulnerabilities in the ecosystem, such as the recent discovery of a popular NPM package. The episode also covers topics such as possible ways to detect malicious activities and other methods for improving security in organizations. By the end of the episode, listeners will better understand open-source library threats and how to address them.
About our Guests
Idan Wiener, CEO at Illustria, has vast experience in both startup and corporate environments, with exposure to international markets. He served seven years as a Captain at the Israeli Naval Academy, leading soldiers, and officers in complex classified operations.
With seven years of experience in development and information security, Bogdan Kortnov, CTO at Illustria, began his career as a Pentester before progressing to developing numerous secure systems. Eventually, he became an information security architect, guiding startups and information security firms on secure architecture and development practices.
Don't miss this insightful discussion with Wiener and Kortnov of Illustria! This podcast is an essential resource for anyone interested in supply chain security or learning more about open-source libraries and their risks. Tune in to the Brilliance Security Magazine podcast today and stay informed.
What Security Teams Need to Know about External Attack Surface Management and Continuous Automated Red Teaming
As cybersecurity threats become more sophisticated, organizations must employ new measures to protect their networks, digital assets, and data. By understanding and implementing these concepts, you can help reduce your organization’s risk of a cyberattack. In this episode, cybersecurity expert Bikash Barai, Co-founder of FireCompass, explains how to manage your company’s external attack surface and perform continuous automated red teaming.
Host Steven Bowcut and Bikash discuss the importance of external attack surface management and continuous testing of your defenses. Bikash explains the relationship between automated red teaming and attack surface management and offers advice about how organizations can prioritize the tsunami of vulnerabilities they face.About our Guest
Bikash Barai is a serial cybersecurity entrepreneur. Before co-founding FireCompass, he founded iViZ, an automated application security testing company. He has graduate and post-graduate degrees from the Indian Institute of Technology (IIT) in computer science and architecture.
He is passionate about AI, cognitive hacking, and attack simulation. He is credited for several innovations in the domain of IT Security and has multiple patents.
Bikash is one of Fortune's 40-under-40 and has also received multiple other recognitions from UC Berkeley, Intel, Nasscom, Red Herring, TiE, & others.
Outside of cyber security, Bikash is an amateur magician and painter. He is also passionate about mindfulness meditation, psychology, and philosophy.
Listen to learn more about external attack surface management and continuous automated red teaming.
What Security Professionals Need to Know About Safeguarding Medical Devices and Hospital IoT
Medical devices are becoming increasingly interconnected and vulnerable to cyber-attacks. As a security professional, it's crucial that you understand the risks and how to safeguard these devices. This episode will provide an overview of the medical IoT landscape and critical considerations for protecting these devices.
Listen in as Richard Staynings, Chief Security Strategist at Cylera and Steve Bowcut discuss what security professionals need to know about the ever-increasing threats against IoT devices in the medical environment. They cover the vulnerable devices, the information threat actors seek, the types of attacks they launch, and effective mitigation strategies.About our Guest
Richard Staynings is a globally renowned thought leader, author, public speaker, and international luminary for healthcare cybersecurity. He has helped governments and private providers formulate long-term strategies and tactical action plans for improved cybersecurity and patient safety across the industry and the world. He has served on numerous working groups and boards.
Richard serves as Chief Security Strategist for Cylera, a medical device, and Health-IoT security pioneer. He is also the author of Cyber Thoughts, a leading healthcare cybersecurity blog, and teaches postgraduate cybersecurity and health informatics courses at the University of Denver, University College.
Take advantage of this informative discussion about medical and hospital IoT devices.
Insider Threat Trends and Challenges
After providing a high-level overview of the scope and magnitude of the insider threat problem, Sanjay offers some trends he has identified and some of the possible causes for the increase in these types of threats. He offers valuable information about what organizations can do to detect and prevent insider threats.
About our Guest
Sanjay holds a CISSP and brings over 20 years of experience in building, marketing, and selling cyber security and networking solutions to enterprises, small-to-medium businesses, and managed service providers. Previously, Sanjay was VP of Marketing at Prevailion, a cyber intelligence startup. Sanjay has also had several successful leadership roles in Marketing, Product Strategy, Alliances, and Engineering.
Be sure to listen in to learn more about the growing problem of insider threats.
Threat Modeling in Modern Software Development
In this episode, Steve Bowcut's guest is Adam Shostack. In this discussion focused on Threat Modeling in Modern Software Development, Adam, a threat modeling expert, lends a unique and compelling perspective.
Adam offers a glimpse into his work at Shostack & Associates and provides a high-level overview of threat modeling. Steve and Adam discuss the primary benefits of threat modeling, and listeners are provided with an insider's view of the process.
Adam talks about his new book: Threats: What Every Engineer Should Learn From Star Wars, explaining why he wrote the book, its target audience, and some of the takeaways from the book.About our Guest
Adam is a leading expert on threat modeling and a consultant, entrepreneur, technologist, author, and game designer. He's an Affiliate Professor at the University of Washington, a member of the BlackHat Review Board, and a Linkedin Learning Author. He currently helps many organizations improve their security via Shostack + Associates. Adam is the author of Threats: What Every Engineer Should Learn From Star Wars.
Listen in to find answers to all your threat modeling questions.
The Role of OSINT in Social Engineering and How to Manage Your Human Attack Surface
Steve Bowcut's guest for episode S4E20 is Matt Polak. Matt is the CEO and Founder of Picnic Corporation. Picnic is a cybersecurity firm providing enterprise-wide protection from social engineering. The topic for this episode is The Role of OSINT in Social Engineering and How to Manage Your Human Attack Surface.
Matt explains the role of social engineering in today's cyber attacks and talks about why it is so successful. Drawing on his vast experience, he shares what information hackers look for as they plan for an attack and how organizations can use OSINT to protect their people and systems.About our Guest
Matt Polak is a subject matter expert in intelligence collection, having spent his career applying these skills to intractable growth and competitive strategy challenges for Fortune 500 customers. Matt's extensive experience and expertise in human intelligence inspired Picnic's creation to protect people from open-source intelligence gathering by hackers.
Be sure to listen and learn how to manage and reduce your human attack surface.
How you can Identify the Security Posture of Your Devices Automatically
Our guest for Episode S4E19 is Dr. Carmit Yadin, the Founder & CEO at DeviceTotal—the industry’s first universal repository platform providing security data for devices enabling companies to assess current risks that deployed devices post and potential future risks arising from adding new devices to their networks. The topic for this fun and informative conversation is how you can automatically identify the security posture of your devices.
Dr. Yadin explains how the ever-increasing number of connected devices creates a challenge for organizations trying to assess their security posture. She delves into the need for context to understand risk and identifies how organizations can “automatically” identify risks associated with their devices.
About our Guest
Dr. Carmit Yadin is a renowned leader, researcher, author, and speaker with extensive business and technical skills in cybersecurity and intelligence. As a cyber expert and business development specialist in this highly demanding sector, her intellectual knowledge and understanding of the cyber world enable her to stand out in a globally competitive market. After serving in an elite Israel Defense Forces unit for cyber intelligence, she spent the last decade working with leading high-tech companies in the cyber industry.
Tune in to learn how you can prioritize response using contextual risk and take proactive steps with sound security recommendations
AI-driven Anomaly Detection and Predictive Threat Intelligence
In Episode S4E18, Thomas Pore, the Senior Director of Product for LiveAction—a leader in network security and performance visibility—talks with Steven Bowcut about some of the benefits of AI-driven anomaly detection and predictive threat intelligence.
In this podcast, you'll learn how LiveAction's AI-driven anomaly detection and predictive threat intelligence can help you detect and prevent security incidents before they happen. Tom discusses the primary advantages these two technologies bring to the SOC; then, the conversation turns to how LiveActions' ThreatEye integrates with SIEM, SOAR, and threat intelligence tools.
About our Guest
As the Senior Director of Product for LiveAction, Thomas Pore leads strategic product marketing, partnering with product management and customers to better protect organizations from events impacting network and application performance and security.
He is a technical evangelist in network security and performance. For almost 20 years, Thomas has held several positions at LiveAction, including network monitoring and security advisor. He also led strategic sales engineering and post-sale technical teams over his career.
Listen to learn more about the benefits of using AI-driven anomaly detection and predictive threat intelligence in your cybersecurity strategy.
The Security Maturity Model profile for Digital Twins
In Episode S4E17, Frederick Hirsch, an independent consultant and a co-author of the IoT Security Maturity Model (SMM) Practitioner’s Guide, speaks with the host, Steve Bowcut, about the SMM profile for Digital Twins.
Frederick explains digital twins and gives some practical examples of how they are used. Steve and Frederick explore some of the security issues related to digital twins, including how they can help solve complex security challenges. Frederick provides an excellent overview of the purpose of the IoT Security Maturity Model (SMM) Practitioner's Guide, the SMM Digital Twin Profile, and SMM mappings.
A page with links to the various SMM documents and other resources:
A brochure summarizing OMG organization and its consortia:
About our Guest
Frederick Hirsch is an independent consultant. He is a co-author of the IoT Security Maturity Model (SMM) Practitioner’s Guide, the SMM Digital Twin Profile, the Retail Profile, and the SMM 62443 Mappings. He is co-chair of the joint ISA IIC Contributing group as well as the SMM Mining Profile team.
In addition to his SMM work, Frederick is also a co-chair of the IIC Trustworthiness Task Group. He co-authored the IIC Trustworthiness Framework Foundations document and has written papers on Trustworthiness for the IIC Journal of Innovation. He is also a co-author of the IIC Industrial Internet of Things Security Framework.
Don't miss this informative overview of the IoT Security Maturity Model Practitioner’s Guide and the SMM Digital Twin Profile.
The Application Security Skills Gap
In Episode S4E16, our guest is Abhay Bhargav, the Founder of we45 — a focused Application Security Company, and the Chief Research Officer of AppSecEngineer — an elite, hands-on online training platform for AppSec, Cloud-Native Security, Kubernetes Security, and DevSecOps. The topic Steve Bowcut and Abhay discuss is The Application Security Skills Gap.
Abhay gives an informative view of the scope of the skills gap for application security and explains why he thinks the shortage of skilled security professionals is occurring. Steve and Abhay discuss the skills gap's impact on organizations and what they can do to solve this issue.
About our Guest
Abhay started his career as a breaker of apps in pen testing and red-teaming, but today is more involved in scaling AppSec with Cloud-Native Security and DevSecOps. He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation.
Abhay is active in the research of new technologies and their impact on Application Security, specifically Cloud-Native Security. He is the architect of a leading Vulnerability Management and Correlation Product, Orchestron, from we45. He is a speaker and trainer at major industry events and has authored two international publications on Java Security and PCI Compliance.
Don't miss this insightful look into the application security skills gap.
In Episode S4E15, Steve Bowcut talks about encrypted collaboration with István Lám, the co-founder and CEO at Tresorit—a global leader in cloud encryption.
István explains why staying in control of your data is important when collaborating with others and shares how Tresorit’s end-to-end encryption technology protects email and documents. He discusses Tresorit's idea of Zero Knowledge and why it's important.
About our Guest
István Lám is a cryptographer, computer scientist, entrepreneur, and Tresorit’s co-founder and CEO. István earned his MSc degree with top honors at the Budapest University of Technology and Economics. As a researcher, he worked on cryptographic key sharing and distributed systems. While still at university, István co-founded Tresorit. Today, Tresorit provides end-to-end encrypted collaboration and file-syncing tools for more than 10,000 businesses globally.
Be sure to listen to learn more about how to collaborate safely and protect your privacy.
Zero Trust Network Access
In Episode S4E14, Steve Bowcut talks about Zero Trust Network Access with two well-informed guests. On the show are two executives from the cybersecurity firm Syxsense, Mark Reed, CTO, and Dave Taylor, CMO.
The term Zero Trust is sometimes misapplied or misunderstood in the security industry, so our guests thoroughly describe what the term means and how they use it in their business.
Mark and Dave explain the role of a zero trust strategy in today’s endpoint protection and what it takes to be successful at zero trust, then talk about some of the challenges organizations face when implementing a Zero Trust strategy.
Steve gets them to elaborate on how the new module recently announced by Syxsense enables endpoint compliance with Zero Trust Network Access policies.About Our Guests
Mark Reed is a highly energized Software Developer and the CTO of Syxsense. He began his career as a Technical Support Manager at Intel before moving into a role as a Deployment Engineer, traveling to companies all over the world to help with new software infrastructure and implementation. Eventually, he worked his way up to a leadership role and now manages a team of software engineers while helping to push forward new innovations and being involved in all aspects of product development - from backend database design, web services, user interfaces, and client/server/cloud communications. Mark loves to travel, extreme sports and fitness, and spending time with his wife and four sons. He lives in Salt Lake City, Utah.
Dave Taylor is a successful tech entrepreneur with five exits under his belt. Having started his career as a Product Manager at Intel Corporation, Dave has now run marketing as CMO at seven successive companies. He has always focused on demand generation - working closely with sales teams to hit revenue growth targets. Dave counts the recruitment and retention of amazingly high-performing marketing teams as his top skill. Born and raised in Boston, Dave has lived in the UK, South Africa, the Middle East, and all over the US, and he now resides in Utah and Montana.
Be sure to listen in to learn more about the current state of zero trust network access.
Unified Communications Solutions
In Episode S4E13, our guest is Tom Reilly, the President of Commend Americas. This discussion focuses on Unified Communications Solutions. We talk about what they are, how organizations use them, and what providers of these solutions should be doing to protect the networks they reside on and the data they have a stewardship to protect.
The host, Steve Bowcut, asks Tom to explain the cybersecurity protocols solution providers should use to protect infrastructure and data. Tom elaborates on Commend America's "privacy and security by design" process and the international compliance standards companies should adhere to.
About our Guest
As the President of Commend Americas, Tom leads a team focused on reinventing the use of unified communications solutions for safety, security, and operational efficiencies. Tom is a seasoned executive leader with more than 14 years of business development, operational strategy, and sales expertise. Prior to Commend, Tom spent ten years at Ernst & Young in increasingly senior strategy and management positions, providing insights and direction on modern technology and business transformations to help global organizations achieve sustained business results and ongoing innovation. He holds a Bachelor of Science in Management from Binghamton University.
Listen to this week’s episode to learn more about Unified Communications Solutions.
How to Move Cybersecurity From a Cost Center to a Revenue Enabler
In Episode S4E12, our guest is Jim Nitterauer, Director of Information Security at Graylog. In a fun and informative conversation, BSM's Steve Bowcut and Jim discuss how organizations can move cybersecurity from a cost center to a revenue enabler.
Steve asks Jim to:Discuss some of the costs organizations face trying to protect their systems, infrastructure, and data. Explain why security isn't typically viewed as a revenue enabler like other software costs often are. Tell us why and how security can increase revenue. Talk specifically about the costs that log management can reduce or eliminate.
About our Guest
Jim Nitterauer and his teams are responsible for IT Services, Security, and Compliance across the Graylog organization. He holds CISSP and CISM certifications in addition to a Bachelor of Science degree with a major in biology from Ursinus College and a Master of Science degree with a major in microbiology from the University of Alabama. He is well-versed in ethical hacking and penetration testing techniques and has been involved in technology for more than 25 years.
Listen to this week's episode to learn more about how security can enable revenue.
How Managed Security Service Providers Can Help Protect Against Ransomware
In Episode S4E11, our guest is Ray Steen, Chief Strategy Officer of the IT managed services firm, MainSpring. In a fascinating and informative discussion, BSM's Steve Bowcut and Ray talk about:
The common vulnerabilities threat actors exploit to launch a ransomware attack.
The relationship between the size of a business and the likelihood it will be a victim of Ransomware.
What small businesses and SMBs can do to protect against a ransomware attack, and what should they do if they are victimized.
How MSSPs can assist their clients before and after an attack.
About our Guest
Ray Steen is the CSO of DC-Metro-based IT managed security services firm, MainSpring. Ray has more than 20 years of experience in strategy, consulting, and communications. At MainSpring, he oversees high-level consulting with new and existing clients, professional services engagements, and strategic partnerships.
Don't miss this informative discussion about Ransomware.
A10 Networks 2022 DDoS Threat Report
In Episode S4E10, our guest is Paul Nicholson, Senior Director of Product Marketing for A10 Networks. Paul gives us insight into the new 2022 A10 Networks DDoS Threat Report. We talk about what you can expect to learn from the report, the methodology used, and critical findings. Paul explains A10’s ability to precisely track the origins of DDoS weapons activity as we discuss some of the activities A10 discovered leading up to the war in Ukraine.
About our Guest
Paul Nicholson brings 25 years of experience working with Internet and security companies in the U.S. and U.K. In his current position, Paul is responsible for global product marketing, technical marketing, and analyst relations at San Jose, Calif.-based security, cloud, and application services leader A10 Networks.
Don't miss this informative look into what the 2022 A10 Networks DDoS Threat Report offers.
SOC 2 Compliance for VaaS Providers
In Episode S4E9, our guest is Ben Rowe, Cloud & Security Architect for Arcules. We discuss System and Organization Controls (SOC) level 2 type 2 certification in video-as-a-service (VaaS) and other cloud-based security systems providers. Ben gives us a high-level overview of what the SOC audit covers, and we dive into why physical security SaaS providers need to pursue SOC 2 attestation. He explains the process for achieving SOC 2 Type 2.
About our Guest
Ben Rowe serves as the Cloud & Security Architect for Arcules, where he is instrumental in guiding the design and security of the Arcules suite of services. He has a vast amount of experience with a wide range of systems within entertainment, industrial automation, and IT.
This is an important topic, so don't miss this discussion about System and Organization Controls for cloud-based security platforms.
A Modern Approach to VMS
In Episode S4E8 Steve Bowcut, Editor at Brilliance Security Magazine, and John Rezzonico, CEO at Edge 360, discuss what it means to build a Video Management System using modern IT processes and solutions. They examine why VMS solutions have historically been slow to adopt advanced IT practices. John provides an explanation of the benefits of containerization and why physical security video system users should look for a fully containerized VMS.
About our Guest
As CEO at Edge360, John is responsible for the global operations of the company. He brings more than 30 years of security innovation and mission-critical military leadership to the organization, and his experience and leadership are focused on developing and delivering technology-driven business services and solutions, providing outstanding client service, and driving profitable revenue growth.
A Marine Corps Veteran, John served as an Intelligence Chief. He supervised, trained, and managed a diverse group of Intelligence Marines and produced various intelligence products for combat operations during Operation Iraqi Freedom. He served as the Battalion surveillance and reconnaissance asset manager, successfully implementing multiple surveillance systems in a combat environment.
To better understand how a modern VMS can provide improved security and a better user experience, don't miss this episode of the Brilliance Security Magazine Podcast.
Understanding and Communicating Cyber Risk
Our topic for Episode S4E7 is Understanding and Communicating Cyber Risk. Our guest is Greg Spicer, CRO and Co-Founder of Ostrich Cyber-Risk.
BSM's editor, Steve Bowcut, asks Greg to:
Discuss the importance of prioritizing mitigation and remediation efforts.
Explain some crucial elements of risk scoring; what should be considered in the scoring process?
Explain how the concept of “proximity-blindness” impacts risk analysis.
Discuss some of the challenges security teams face when communicating with organizational leaders, and how can they be overcome?
About our Guest
Greg Spicer has several years of experience in cybersecurity, working with organizations to provide solutions to their cybersecurity challenges. He has worked in many sectors, including Legal, Finance, Insurance, Manufacturing, and Healthcare. He was most recently CRO of Braintrace, a Salt Lake City MDR provider, before their successful sale to Sophos in July 2021.
Greg is now the CRO and Co-Founder of Ostrich Cyber-Risk, a leading Cybersecurity Performance Management Provider that offers organizations a simple-to-use but comprehensive cybersecurity risk assessment and reporting application that allows you to manage a security program within a single view. Their methodology drives action and communication among the critical stakeholders to quickly identify and address cyber business risk within an organization.
Don't miss this informative discussion about how to understand and communicate cyber risk.
Supply chain security: What to expect in the next year
The topic for Episode S4E6 is supply chain security and what to expect in the next year. Our guest is Farshad Abasi, Founder and Chief Security Officer of Forward Security.
In a fun and interesting conversation, Farshad and Steve Bowcut cover:
What supply chain attacks are and how they happen, including some examples
Why supply chain attacks are such a serious threat
What the industry can expect regarding supply chain attacks in the next year
What preventative measures organizations should take to protect against supply chain attacks
About our guest:
Farshad Abasi is an innovative technologist with over twenty-four years of experience in software design and development, network and system architecture, cybersecurity, management, and technical instruction. With a keen interest in security from the start, he has become an expert in that aspect of computing and communication over the last twenty years. He started Forward Security in 2018, with a mission to provide world-class information security services, particularly in the Application and Cloud security domains.
Don't miss this fascinating conversation about an important topic: Supply chain security.
IIC's foundational document for Artificial Intelligence—The Industrial IoT Artificial Intelligence Framework
In Episode S4E5, we have as our guests two individuals who are distinguished by their work with the Industry IoT Consortium (IIC).
Bassam Zarkout—Executive Vice President IGnPower Inc. and the Chief Editor of the Industrial IoT Artificial Intelligence Framework (IIAIF).
Wael Diab—Chair IIC Industrial AI Task Group and Secretary IIC Steering Committee.
About the IIC
Since its founding in 2014, the IIC has helped build a technical foundation for the Industrial IoT. They work to help organizations take advantage of IoT technology and achieve positive outcomes. They are focused on driving technology innovation that fosters business transformation.
Their services are targeted toward helping members drive business value in the core verticals of IT, Networks, Academia & Research, Manufacturing, Energy & Utilities, and Healthcare. They provide best-practice frameworks and liaisons with Standards Development Organizations.
Topics we cover:The purpose of the Industrial IoT Artificial Intelligence Framework Examples of some applications for AI in IIoT The value proposition AI can enable in next-generation industrial IoT (IIoT) systems Perceptions regarding ethics, confidence, trustworthiness of AI
About our guests:
Bassam Zarkout is the Chair of the Digital Transformation working group at the Industry IoT Consortium. He is an Ottawa-based technology executive with 30+ years of experience in technology organizations in Canada, the US, and Europe, including 8 years in executive C-positions, mainly as CTO. Bassam is the founder of IGnPower, an IIoT and AI strategy consulting practice. He has authored and contributed to multiple peer-reviewed papers and frameworks covering Digital Transformation, Industrial AI, Trustworthiness, Data Protection, and IoT Security. He is also a veteran of the Information Assets Governance space, including Electronic Records Management, RegTech, Content Management, and Electronic Discovery, and has led research with US DoD in the area of assisted security and privacy classifications of content.
Wael Diab is a business and technology strategist with over 885 patents to his name in the fields of networking and ICT. Wael has BS and MS degrees in EE and BA in Economics from Stanford, and an MBA with honors from Wharton. He is a published author, having authored the book Ethernet in the First Mile: Access for Everyone. In 2011, Wael was recognized by the David Packard Medal of Achievement and Innovator Award for his leadership in Green Technology. He has been active in standardization and related activities for two decades. He chairs ISO/IEC JTC 1/SC 42, the international standardization committee on artificial intelligence (AI). Wael is also chairing the AI track of the 22nd Global Standards Collaboration meeting (GSC-22).
Don't miss this opportunity to learn more about AI in security and IIoT applications.
A Novel Approach to Security Bug Bounties
In Episode S4E4, we have two guests. We talk with Jonatan Altszul, CEO at BitTrap and Ariel Futoransky, BitTrap’s CTO. Our topic is A Novel Approach to Security Bug Bounties.
BitTrap helps companies find breaches faster by installing wallets with risk-adjusted bounties. When an attacker cashes a wallet, they notify the company of the breach so they can take remediation actions to patch it.
Some of the topics we cover include:
Why bug bounties are necessary
What works and what can be improved
BitTrap's novel approach to bug bounties
A little about our guests:
Jonatan Altszul has been building companies in the Cybersecurity Industry for over 30 years. In the past, as a founder of Core Security Technologies, Jony developed the first automated penetration testing software product, earning the loyalty of clients such as Apple, Cisco, Department of Homeland Security, NSA, NASA, Lockheed Martin, and DARPA.
As a founder of Disarmista, Jony developed some of the most popular cybersecurity products for the largest companies in the Industry. As co-founder and CEO, Jony now leads BitTrap, where he combines his many years of experience in Cybersecurity, leveraging his expertise in Attacker Behavior with his passion for building companies and defining product new categories.
Ariel Futoransky is curious about science & technology, its future, and how it will continue to impact society. A founder of Core Security Technologies, Disarmista, and BitTrap. He is a researcher, programmer, entrepreneur and has made contributions to cryptography, Cybersecurity, and blockchain.
Don't miss this opportunity to learn more about a new way to use security bug bounties.
Product Supply Chain Security
In this episode, our guest is Slava Bronfman, CEO and Co-founder at Cybellum and we talk about product supply chain security. Cybellum provides a product security platform, enabling teams to manage security across the entire product lifecycle - from highly detailed SBOMs to automatic vulnerability management, ongoing incident response, and continuous monitoring.
We touch on:
Cybersecurity risks, such as open-source or supply chain software
Some things product manufacturers can do to detect and remediate vulnerabilities
The future for product supply chain security
A little about our guest:
Slava Bronfman is an experienced cybersecurity entrepreneur. As CEO and Co-founder at Cybellum, he is responsible for the business, sales, and marketing operations, working with manufacturers and asset owners worldwide on implementing risk assessment solutions.
As part of founding Cybellum’s development of a novel cybersecurity risk assessment technology, Slava is also the official representative of the Standards Institution of Israel in the ISO 21434 standard technical committee. He served as an officer in Israel’s elite intelligence corps unit 8153 in a leading product management position and holds an M.Sc. in Computer Science and a B.Sc. in Information Systems, both Cum Laude.
Don't miss this insight into the world of product supply chain security.
Automated Controls for Compliance - How and Why
In Episode S4E2 our guest is David Vincent, VP of Product Strategy and the chief security evangelist at Appsian Security. Our topic is Automated Controls for Compliance - How and Why.
Appsian provides ERP security below the network layer. David shares his insights about:
Challenges associated with manually maintaining compliance.
How automated controls can affect compliance.
Leading practices for effective Data Security & Privacy Compliance.
David Vincent has over twenty-five years of experience delivering Security, Audit, Risk, & Compliance services while employed with some of the largest professional service-providing firms in the world – Arthur Andersen, KPMG, PwC, and IBM. He has delivered hundreds of ERP Security Risk & Compliance Assessments & Remediation services, and over 100 GRC (governance, risk, and compliance) technology solution implementations. Additionally, he was the North America GRC Practice Leader for IBM, PwC, and Corporater.
Be sure to listen to this informative discussion about automated controls and compliance.
The Future of Ransomware and Trends in Data Security
In Episode S4E1 our guest is Purandar Das, CEO and Co-Founder at Sotero. We discuss the future of ransomware and explore some recent trends in data security.
We touch on topics such as:Anomaly detection at the data level Machine-learning in ransomware protection Possible future trends for ransomware
Sotero offers the first field-level, universal data protection platform allowing you to consolidate all your data instances, applications, and security products into one easy-to-manage environment. Purandar Das is an experienced executive with a demonstrated history of success in the information technology and services space. He is skilled in Technology & Business Development as well as Enterprise Software, Enterprise Architecture, Agile Methodologies, and Customer Relationship Management (CRM). He was formerly the CTO at Infogroup, MobileMessenger, and Epsilon.
Purandar gives us his thoughts on REvil and sheds some light on what we can do to protect sensitive data and curtail ransomware attacks.
Be sure and listen to this important data protection discussion.
Labor Shortage for IT and OT Cybersecurity
In Episode S3E14 our guest is Jeff Macre - a Cybersecurity Project Manager at 1898 & Co. and we discuss the critical labor shortage, or skills gap, current in the areas of IT and OT cybersecurity.
1898 & Co. is part of Kansas City, Missouri-based engineering firm Burns & McDonnell - one of countries largest engineering firms - and Jeff is responsible for leading successful projects that bring real value to Burns & Mac clients. During his career, Jeff has successfully led more than 300 projects throughout many of the critical infrastructure sectors including Electric, Water, and Transportation. He holds a master’s degree in business administration and a bachelor’s degree in business technology management. Included among many industry-related certifications Jeff holds are Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Project Management Professional (PMP). Outside of his work for 1898 & Co. Jeff is a Professor at the University of Central Florida (UCF) teaching various classes within the Cybersecurity program.
This is a don't miss episode for anyone struggling to staff a security team or anyone aspiring to work in this field. Jeff offers his unique perspective on the effects of the labor shortage, what can be expected in the future, and what organizations can do to mitigate the detrimental effects of the shortage of skilled cybersecurity workers.
Don't miss this critical discussion with Jeff Macre of 1898 & Co.
Cybersecurity Red Flags
In Episode S3E13, our guest is Corey Nachreiner, Chief Security Officer at WatchGuard Technologies. Corey is a front-line cybersecurity expert for nearly two decades; he regularly contributes to security publications and speaks internationally at leading industry trade shows like RSA. He has written thousands of security alerts and educational articles. Corey is the primary contributor to the Secplicity Community, which provides daily videos and content on the latest security threats, news, and best practices. A Certified Information Systems Security Professional (CISSP), Corey enjoys "modding" any technical gizmo he can get his hands on and considers himself a hacker in the old sense of the word.
In this fascinating conversation, Corey discusses the security red flags that could make an organization attractive to hackers. Corey offers some important and valuable things security teams can do to help avoid becoming the victim of a cyber attack.
Don't miss this exciting and informative interview with Corey Nachreiner, CSO at WatchGuard Technologies.
Automotive Cybersecurity Risks
Episode S3E12 features an informative conversation with Slava Bronfman, the Co-founder and CEO at Cybellum. Cybellum is a global leader providing integrated cyber solutions for the leading device manufactures, including automobiles. We discuss the cybersecurity risks associated with the automotive industry and what can be done to mitigate those risks.
In his role as CEO at Cybellum, Slava is responsible for the business, sales, and marketing operations, working with manufacturers and asset owners worldwide on implementing risk assessment solutions.
He served as an officer in Israel’s elite intelligence corps unit 8153 in a leading product management position and holds an M.Sc. In Computer Science, Cum Laude, and a B.Sc. in Information Systems, Cum Laude.
Join us for this fascinating episode and enjoy the conversation.
Smartphone-related Security Threats
In Episode S3E11 our guest is Dr. Bill Anderson, President of CIS Mobile. Dr. Anderson is a security industry executive with extensive leadership experience founding, funding, and operating security software companies. He has previously served as Vice President, Technology Investments at Allied Minds where he managed a portfolio of information security, quantum, and semiconductor design companies. Bill has held executive roles in product management and marketing at several public and private technology companies and is an expert on security in the mobile ecosystem.
During this fascinating conversation, Bill gives us an overview of some current and recent threats related to smartphones and explains some of the methods government users have historically used to protect against smartphone-related threats - and the challenges with those methods.
To wrap it up, Dr. Anderson give us some very specific recommendations for protecting government users of commercial smartphones.
If you use a smartphone, and who doesn't, you are sure to find this episode interesting.
What the Future Holds for the “New” Workplace
In Episode S3E10, our guest is Julian Lovelock. Julian is currently Vice President of the Global Business Segment responsible for workforce identity management solutions at HID Global. Part of his role includes sparking new innovation leading to the development of new products and services. Julian moved to the United States from London in 2006 following the acquisition of ASPACE Solutions, where he was CTO and co-founder. He holds a Bachelor of Engineering in Electrical and Electronic Engineering from the University of Aston, UK.
We discuss the idea of identity being the new perimeter, and Julian explains what it means to digitally transform the management of identities and the associated cyber and physical access credentials for the workplace.
Julian walks us through some of the current technological trends for authentication and some of the best practices in securing workplaces and networks.
Don't miss this informative interview with Julian Lovelock, Vice President of Global Business Segment at HID Global.
Industry IoT Consortium's Trustworthiness framework foundations
In Episode S3E9 we depart from our normal format and interview four guests at once. The panel for this episode is made up of Karen Quatromoni, the Director of PR at Object Management Group, and three co-chairs of the Trustworthiness Task Group for the Industry IoT Consortium, they are:
Marcellus Buchheit - Co-founder and Chairman of the Board at WIBU-Systems.
Frederick Hirsch - An independent consultant in the area of trustworthiness and security.
Bob Martin - Leads the supply chain and security efforts within MITRE, a non-profit organization that runs federally funded research and development centers.
We discuss the business need and context for trustworthiness and how it relates to safety and security, what a trustworthy supply chain means and how companies can gain assurance of trustworthiness from their downstream partners, IICs Trustworthiness Framework, and more.
Please join us for this informative and relevant conversation around trustworthiness, safety, and security.
10 keys to preventing ransomware
In Episode S3E8, our guest is Corey Nachreiner, Chief Security Officer at WatchGuard Technologies. Corey is a front-line cybersecurity expert for nearly two decades; he regularly contributes to security publications and speaks internationally at leading industry trade shows like RSA. He has written thousands of security alerts and educational articles. Corey is the primary contributor to the Secplicity Community, which provides daily videos and content on the latest security threats, news, and best practices. A Certified Information Systems Security Professional (CISSP), Corey enjoys "modding" any technical gizmo he can get his hands on and considers himself a hacker in the old sense of the word.
In this fascinating conversation, Corey discusses the current state of ransomware as we delve into what double and even triple extortion attacks mean to businesses. Corey provides ten important and valuable keys for preventing ransomware.
Don't miss this exciting and informative interview with Corey Nachreiner, CSO at WatchGuard Technologies.
Cybersecurity Awareness Training - Why It Works
In Episode S3E7 our guest is Zack Schuler. Zack is the founder and CEO of NINJIO – a global cybersecurity awareness company that teaches employees and their families how not to get hacked. Zack is an authority on cybersecurity, employee engagement, and related tech issues. He has written for Forbes, HR Dive, Dark Reading, and many other outlets.
In this fun and entertaining episode, we discuss where the idea for NINJIO came from and how it got started. Zack gives us an overview of the various cybersecurity training programs NINJIO offers. They cover more essential topics than you might think.
We spend some time talking about the importance of developing a culture of cybersecurity awareness within companies, and Zack offers some great ideas about how leaders can accomplish just that.
If you'd like to learn more about cybersecurity awareness training and how it can help you at work and home, don't miss this episode of the Brilliance Security Magazine Podcast.
In Episode S3E6 our guest is Brian Hajost, President and Founder of SteelCloud, a company that develops technology for automated remediation of endpoints to effectively meet compliance mandates.
In this fun and informative conversation, Brian delves into what it means for organizations to meet the various compliance mandates they are subject to. He addresses the Cybersecurity Maturity Model Certification (CMMC) and how enterprises can automate remediation of their endpoints.
A little about our guest:
Brian Hajost is the President & CEO of SteelCloud, a company that develops technology for automated remediation of endpoints to various security benchmarks. Brian’s technical career has spanned over thirty years, primarily with leading-edge technologies in regulated industries. He holds eight patents in IT security and two patents in mobile security. He is an active contributor to the DC Chapter of the Armed Forces Communications and Electronics Association (AFCEA), currently serving a board member.
The Importance of Encryption in Today’s Data-dependent World
In Episode S3E5, we talk with Purandar Das, CEO and Co-Founder at Sotero - Sotero offers the first field-level, universal data protection platform.
We talk about the importance of data, the data lifecycle, and why it is essential to encrypt data at each stage of the lifecycle. We discuss the idea of data time-to-value, and why it is important, and the current state of today's encryption technologies.
Join us for a fascinating conversation.
Purandar Das is an experienced executive with a demonstrated history of success in the information technology and services space. He is skilled in Technology & Business Development. He is experienced in Enterprise Software, Enterprise Architecture, Agile Methodologies, and Customer Relationship Management (CRM). He was formerly the CTO at Infogroup, MobileMessenger, and Epsilon.
Application Security: the Importance of Collaboration, Automation, and Infrastructure as Code
In Episode S3E4, we talk with Abhay Bhargav, founder of we45 - an Application Security Company and he is also the Chief Research Officer of AppSecEngineer - a hands-on online training platform for AppSec, Cloud-Native Security, Kubernetes Security, and DevSecOps.
We talk about why it's important to foster a culture of collaboration between security and engineering teams, and what can happen if you don't collaborate. We discuss the role of automation in DevSecOps and how it can be implemented. Finally, we touch on Infrastructure as Code (IaC).
Please join us for an interesting conversation.
Abhay Bhargav started his career as a breaker of apps, in pen testing and red-teaming, but today is more involved in scaling AppSec with Cloud-Native Security and DevSecOps
He is a pioneer in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to this, Abhay is active in his research of new technologies and their impact on Application Security, specifically Cloud-Native Security.
Cybersecurity for Physical Access Control in the Cloud
In Episode S3E3, we talk with Kim Loy, Chief Product Officer at ACRE, a global networking and security solution leader. We probe whether cloud-based physical access systems have lived up to their expected adoption by end-users. We look at some of the potential cybersecurity risks associated with exposing physical access data and controls to the internet and discuss how these concerns have been addressed. Kim offers a view of the Cloud Security Shared Responsibility model from a physical access control perspective.
Join us for a fascinating and informative discussion with Kim Loy, who has more than 25 years of security industry senior management experience and has achieved significant success within a wide variety of global enterprises. As Chief Product Officer for ACRE, Kim is responsible for overseeing the company’s brands, strategic product planning, and cybersecurity strategy. In addition, Kim provides direction for messaging strategy and communications development.
Prior to her role at ACRE, she served as the Director of Technology and Communications for Vanderbilt International in Dublin, Ireland, where she managed the global R&D, Product Management, and Marketing Communications teams.
Kim has held senior positions with GE Security, G4S, Xtralis, and Pelco by Schneider Electric. These global positions have provided her with extensive international experience, including time living in England, France, Belgium, and Ireland. Kim also serves on the Security Industry Association Board of Directors.
Zero Trust for Open Banking
In Episode S3E2 we talk with Jasen Meece, CEO at Cloudentity — a cloud-based provider of dynamic fine-grained authorization and governance solutions. We dive into zero trust for open banking APIs and uncover some of the threats associated with that market. We look at a new partnership just announced between Cloudentity and Axway, a leading API integration platform provider.
With previous roles at Oracle, KPMG, and IBM, Jasen has 20+ years of leadership experience in IT driving both internal and external facing organizations. Jasen is a dynamic, results-oriented executive who leverages technology products and services to achieve business value-based transformation.
Potential Security Risks Within Legacy Databases
In Episode S3E1 we talk with Greg Wendt, Executive Director of Security at Appsian. The focus of the conversation is data and compliance as it relates to Enterprise Resource Planning (ERP) software. We uncover some of the potential security risks associated with legacy databases and what can be done to protect sensitive data in a post-COVID world.
Greg Wendt is an Oracle® PeopleSoft security expert. During his 23-year career, he has been recognized as a leader in data security, application architecture, and business operations. He served as an ERP Application Architect at Texas Christian University where he was responsible for TCU’s PeopleSoft system and was Chairman of the Higher Education User Group’s multinational Technical Advisory Group (HEUG TAG). Greg has led criminal justice and cybersecurity courses focusing on hacking techniques.
Benefits of Using FIDO Authentication
In this episode, we examine Fast ID Online (FIDO) standards-based authentication that ends reliance on passwords, protects user credentials, and resists phishing attacks. FIDO supports the remote pandemic-era workforce by ensuring critical data residing on home-based systems and mobile devices remains secure and uncompromised.
Our guest, Steven Humphreys, CEO of Identiv, answers questions such as:Why are home networks so much more vulnerable to malicious attacks than corporate networks? Why is the use of passwords no longer advisable? What devices are FIDO2 security keys compatible with?
Join us for a fascinating conversation that may change how you authenticate online.
Security and Compliance for Today's Collaboration Tools
In this episode, we take a look at how companies can protect sensitive data while using modern collaboration tools. Our guest is Devin Redmond, CEO, and Co-Founder of Theta Lake, the recognized leader in collaboration security and compliance for Cisco WebEx, Microsoft Teams, RingCentral, and Zoom.
Listen to learn how Theta Lake’s AI helps security and compliance teams more effectively scale their risk detection and the workflows for communication security, data loss protection, and supervision of modern video, voice, and unified collaboration systems.
The Cybersecurity Poverty Line and the Nine Cybersecurity Habits to Protect Your Future
In Episode S2E20, we examine the cybersecurity poverty line and its relationship with the industry-wide skills gap. We talk with George Finney, a CISO that believes people are the key to solving our cybersecurity challenges.
We discuss the habits organizations need to create to build a culture of cybersecurity awareness. George talks about his new book, Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future.
You won't want to miss this fascinating discussion.
2020 State of Virtual Appliance Security Report
Thousands of virtual appliances are being distributed with known, exploitable, and fixable security flaws and often on outdated operating systems. Organizations depend on virtual appliances for securing cloud workloads, firewalls, secure gateways, and encryption.
To help the cloud security industry keep pace with demand, Orca Security released the “2020 State of Virtual Appliance Security Report,” which analyzed 2,218 virtual appliance images from 540 software vendors for known vulnerabilities, to identify risks and provide an objective assessment score and ranking. As the enterprise migrates to the cloud at a rapid pace, the security of virtual appliances has fallen dramatically behind.
In this episode, we talk with Yoav Alon, Chief Technology Officer at Orca Security, and examine what went into creating this report and some of its top findings.
Mobolize and Akamai Enable Security on Mobile Devices
Mobolize, the recognized leader for providing an on-device Data Management Engine that provides security, connectivity, and optimization on mobile devices, recently announced a partnership with Akamai, the intelligent edge platform for securing and delivering digital experiences, to offer security to mobile devices for enterprises. The addition of mobile protection adds an extra layer of proactive security controls and threat protection to quickly and uniformly block malicious web traffic for the growing use of mobile devices as employees work from home.
In Episode S2E18 we explore this new partnership as we speak with Colleen LeCount, Chief Revenue Officer at Mobolize, and Tim Knudsen, VP Product for Enterprise Security Products at Akamai. We uncover how this relationship will affect security and device performance for enterprise mobile device users.
Converging Fraud, Risk, and IT Teams
Episode S2E17 is an informative discussion about how financial institutions are fairing in their quest to converge fraud, risk, and IT teams. We look at the state of the financial industry as it relates to fraud and how the pandemic has affected financial institutions. We examine some of the pain points banks suffer as they attempt to converge risk management solutions as well as the benefits of this convergence.
As our guest, we have Matt Tengwall, the General Manager of Verint Fraud & Security Solutions. He shares his unique insight into how technology often leads the way as financial institutions grapple with fraud, risk, and IT convergence.
Cashless Payment Services and Preventing Fraud
In episode S2E16 we talk with Eric Solis, the CEO of MovoCash, and discuss how consumer demand for cashless payment is changing society and how financial institutions can offer competitive digital services while preventing fraud.
We examine the "state of the industry" as it relates to cashless payments and bank fraud. We talk about the need for new banking standards and look at whether or not a government-backed digital dollar is a good idea.
Eric describes a better way of making cashless payments than just handing over a credit or debit card number that gives merchants access to your entire credit limit or bank balance.
Cybersecurity and Compliance Challenges Faced by SMBs, with Karen Walsh
In episode S2E15 we have a fascinating discussion with author and compliance expert, Karen Walsh. We dive into some of the cybersecurity and compliance challenges faced by small to medium-sized businesses.
Karen shares her expert insight into what SMBs need to know to protect their data, stay in compliance, and understand what is really important. In her characteristically charming way, she sorts through some of the industry's hyperbole and rhetoric to expose some simple cybersecurity and compliance truths.
Karen is working on a new book and offers some insights into what we can expect when it is published.
Designing 360° Cameras with Cybersecurity In Mind
From adopting secure configurations with measures to protect and control access to cameras, to managing security threats with vulnerability scans during integration, and even ensuring the integrity and security of products over the supply chain with regular audits, in episode S2E14 we talk about designing 360-degree surveillance technology with the cybersecurity needs of end-users in mind.
Our guest is Jon Marsh. Vice President of Product at Oncam. Jon is responsible for Oncam’s overall product development. He spearheads the technology, design, and delivery of products, and ensures that the development of new solutions fit customer needs.
Join us for an interesting conversation about what camera manufacturers can and should be doing to protect their end user's network.
A Discussion about Security by Design with Arcules and Milestone Systems
In episode S2E13 we talk with two experts about how physical security solutions must be designed with cybersecurity in mind. You can think of this as security for security. Nigel Waterton is Chief Revenue Officer, for Arcules, and Tim Palmquist is Vice President Americas, for Milestone Systems.
Together we uncover some interesting ways that Arcules uses the concept of Security by Design to bake cybersecurity elements into their cloud-based physical security solutions. We also talk about the unique relationship between Arcules and Milestone Systems. A relationship that provides each company with strategic advantages in the marketplace.
How We Can Effectively Restart Operations While Protecting Our Employees’ and Citizens’ Health and Safety
To say that the COVID-19 pandemic has disrupted operations around the world is the understatement of the decade. That being said, businesses and governments are under mounting pressure to restart their operations as quickly as possible. With social distancing and other measures helping to curtail the spread, organizations are turning their attention to a critical question: “How do we effectively restart operations while protecting our employees’ and citizens’ health and safety?”
In episode S2E12 we talk with Alan Stoddard, Vice President and General Manager, Verint Situational Intelligence Solutions. He says adjusting to these new conditions demands a pragmatic approach that addresses the potential risk to employees in various environments while also delivering a degree of confidence to customers that an organization is taking a meaningful, proactive posture to keep people safe and healthy. Also, as circumstances change, obtaining the insight to adapt to those changes, and implementing workplace health and safety tools are crucial for businesses to stay one step ahead and remain agile.
API Protection - The Overlooked Business Continuity Strategy
From financial services to education, nearly every industry relies on API feeds to remain competitive and generate revenue. In S2E11 former team leader of an elite Israeli Defense Forces (IDF) cyber unit and current CEO of Salt Security, Roey Eliyahu, cautions that API security must be part of an organization’s business continuity strategy. If left unprotected, a breach could have catastrophic repercussions for both revenue and brand reputation.
Listen to this episode to hear Roey explain how attackers choose which APIs to target, how they execute attacks, and how to protect against these threats.
Security Culture Report Finds a Large Gap Exists Between the Best and Worst Performers for Security Culture
In Episode S2E10 we talk with Perry Carpenter, Chief Evangelist, and Strategy Officer with KnowBe4. We discuss KnowBe4’s new research arm, KnowBe4 Research, and their first Security Culture Report that was recently released.
In the 2020 “Security Culture Report”, data was collected from 120,050 employees in 1,107 organizations across 24 countries. There were a total of 17 industry sectors examined in detail. Results from this year’s report revealed a large gap between the best performers and the poor performers when it comes to security culture. The best performers were from Banking, Financial Services, and Insurance and the worst performers were from Education, Transportation, and Energy & Utilities.
Security culture varies across industries. In the industry comparison report, all industries were compared according to their security culture scores and across each of the seven dimensions (Attitudes, Behaviors, Cognition, Communication, Compliance, Norms, and Responsibilities) of security culture.
Download a copy of the report here.
Shadow Code: The Hidden Risk to Your Website
In Episode S2E9 we talk with Ameet Naik a security evangelist at PerimeterX. PerimeterX, a leading provider of application security solutions that keep digital businesses safe, recently released “Shadow Code: The Hidden Risk to Your Website.” This second annual survey of security professionals uncovers the extent and impact of third-party scripts and open-source libraries used in web applications across organizations.
Join us for this fascinating discussion about Shadow Code and why it is a problem for developers.
Shoring Up Security in a WFH World
In Episode S2E8 we talk with Zeev Draer, vice president of corporate strategy for Niagara Networks, and we discuss some steps corporations can take to shore up their security posture in this new “work from home” world we find ourselves in.
Zeev describes for us some of the operational differences between attackers and defenders - and why is that important.
COVID-19’s Impact on Business Security
In Episode S2E7 we have a delightful conversation with Adam Kujawa, Director of Malwarebytes Labs. Adam talks about Malwarebytes' insightful new report that was released on August 20, 2020. This report, titled "Enduring from Home: COVID-19’s Impact on Business Security," combines Malwarebytes telemetry with survey results from 200 IT and cybersecurity decision-makers from small businesses to large enterprises to unearth new security concerns in remote work environments.
You'll not want to miss this episode, as Adam lays out some of the more interesting findings from this important report.
The State of DDoS Weapons
DDoS attacks continue to grow in frequency, intensity, and sophistication. Listen to this episode of the Brilliance Security Magazine Podcast to learn more about why DDoS attacks are increasing and what can be done.
In Episode S2E6, we discuss the new A10 Networks report on the State of DDoS Weapons. Our guest is Paul Nicholson, Senior Director of Product Marketing for A10 Networks.
Paul walks us through why this report is essential to the industry and the methodology used to collect the data reflected by the report's findings. We review many of the more interesting and significant results that can be found in the report.
What You Need to Know About Leakware
It’s no secret that cybercriminals are always upping the ante, but while ransomware is still in the spotlight, it's even more devastating cousin, leakware, doesn’t receive as much attention. In this episode, we talk with Nir Gaist, a senior information security expert and ethical hacker to learn more about leakware - what it is, how cybercriminals are leveraging it to increase ransom payments, and what can be done to prevent it.
Account Takeover Fraud
S2E4 is an exciting discussion with Will LaSala, the Director of Security Solutions, Security Evangelist, at OneSpan. Will offers his expertise to examine account takeover fraud, what it is, how it works, and how to avoid it.
Recent news reports indicate that 15 Billion consumer credentials were found for sale on the dark web. And about 25% of the leaked credentials include account information related to banking and other financial services – making it extremely easy for hackers to conduct account takeover attacks on consumers’ financial accounts. Coupled with the current remote work conditions, consumers are prime targets for financial-related cyber-attacks in the coming weeks.
2020 State of the Public Cloud Security Report
S2E3 is a discussion with Avi Shua, Co-Founder and CEO of Orca Security. Avi takes us through some of the more interesting findings of this new industry report.This study shows that public cloud environments are rife with neglected workloads, authentication issues, and lateral movement risk
The world of cybersecurity isn’t fair. Security teams need to secure everything, but attackers need only find one weak link. For most organizations, cloud workload security is dependent upon the installation and maintenance of security agents across all assets. This rarely happens, as this report shows.
Listeners can download this complete report at: https://info.orca.security/2020-state-of-public-cloud-security-report
Essential COVID-19 Supplies via the Darknet
S2E2 is an in-depth look at how and what supplies, essential for preventing and treating COVID-19, end up on the darknet. We interview Dr. David Maimon, an Associate Professor in the Department of Criminal Justice and Criminology at Georgia State University. Dr. Maimon is engaged in a year-long study, funded by the National Science Foundation, which will allow researchers in Georgia State University’s Evidence-Based Cybersecurity Research Group (EBCS) to examine threats related to the sale of critical COVID-19 supplies via darknet markets.
IoT Revolution Leads to Increased Risk of Cyberattacks
Episode S2E1 is a fascinating interview with Hardik Modi from NETSCOUT. We talk about the IoT revolution and some interesting findings from NETSCOUT's latest industry report.
A Security Report Worth Reading
In this episode we talk about the new Malwarebytes 2020 State of Malware report and why I think you should read it.
Applying High Tech Security Technology for SMBs
Security technology will allow us to implement some pretty amazing defenses. The brightest technology minds around the world examine new and existing threats and vulnerabilities. Each new exploit brings the industry’s defensive methods and strategies to a sharper point.
One of the practical problems that continually surfaces in security technology is one of application. It does little good to devise highly technical defensive solutions if they are, in the end, too complicated for average businesses to deploy and manage.
Listen to what we learned about one company that addresses this problem every effectively.
Brilliance Security Magazine's Inaugural Foray in the World of Podcasts
Due to reader suggestions and the growing popularity of podcasts, we are adding this medium to Brilliance Security Magazine. Here you will find short but informative podcasts designed for security professionals and those interested in cyber and physical security.