CSO Perspectives (public‪)‬ N2K Networks

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of “eXtended Detection and Response” (XDR) with CyberWire Hash Table guests Rick Doten, Centene’s VP of Security, and Milad Aslaner, Sentinel One’s XDR Product Manager.
References:
Alexandra Aguiar, 2023. Key Trends from the 2023 Hype Cycle for Security Operations [Gartner Hype Cycle Chart]. Noetic Cyber.
Daniel Suarez, 2006. Daemon [Book]. Goodreads.
Dave Crocker, 2020. Who Invented Email, Email History, How Email Was Invented [Websote]. LivingInternet.
Eric Hutchins, Michael Cloppert, Rohan Amin, 2010, Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Paper] Lockheed Martin Corporation.
Jon Ramsey, Mark Ryland, 2022. AWS co-announces release of the Open Cybersecurity Schema Framework (OCSF) project [Press Release]. Amazon Web Services.
Nir Zuk, 2018. Palo Alto Networks Ignite USA ’18 Keynote [Presentation]. YouTube.
Raffael Marty, 2021. A Log Management History Lesson – From syslogd(8) to XDR [Youtube Video]. YouTube.
Raffael Marty, 2021. A history lesson on security logging, from syslogd to XDR [Essay]. VentureBeat.
Rick Howard, 2020. Daemon [Podcast]. Word Notes.
Rick Howard, 2021. XDR: from the Rick the Toolman Series. [Podcast and Essay]. CSO Perspectives, The CyberWire.
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
Staff, n.d. Open Cybersecurity Schema Framework [Standard]. GitHub.
Staff, 2019. What is EDR? Endpoint Detection & Response Defined [Explainer]. CrowdStrike.
Staff, 2020. Log Formats – a (Mostly) Complete Guide [Explainer]. Graylog.
Stephen Watts, 2023. Common Event Format (CEF): An Introduction [Explainer]. Splunk.
Thomas Lintemuth, Peter Firstbrook, Ayelet Heyman, Craig Lawson, Jeremy D’Hoinne, 2023. Market Guide for Extended Detection and Response [Essay]. Gartner.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, presents the argument for why the SEC was misguided when it charged the SolarWinds CISO, Tim Brown, with fraud the after the Russian SVR compromised the SolarWinds flagship product, Orion. Our guests are, Steve Winterfeld, Akamai’s Advisory CISO, and Ted Wagner, SAP National Security Services CISO.
References:
Andrew Goldstein, Josef Ansorge, Matt Nguyen, Robert Deniston, 2024. Fatal Flaws in SEC’s Amended Complaint Against SolarWinds [Analysis]. Crime & Corruption.
Anna-Louise Jackson, 2023. Earnings Reports: What Do Quarterly Earnings Tell You? [Explainer]. Forbes.
Brian Koppelman, David Levien, Andrew Ross Sorkin, 2016 - 2023. Billions [TV Show]. IMDb.
Dan Goodin, 2024. Financial institutions have 30 days to disclose breaches under new rules [News]. Ars Technica.
David Katz, 021. Corporate Governance Update: “Materiality” in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance.
Jessica Corso, 2024. SEC Zeroes In On SolarWinds Exec In Revised Complaint [Analysis]. Law360.
Johnathan Rudy, 2024. SEC files Amended complaint against SolarWinds and CISO [Civil Action]. LinkedIn.
Joseph Menn, 2023. Former Uber security chief Sullivan avoids prison in data breach case [WWW DocumentNews]. The Washington Post.
Kim Zetter, 2014. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon [Book]. Goodreads.
Kim Zetter, 2023. SEC Targets SolarWinds’ CISO for Rare Legal Action Over Russian Hack [WWW Document]. ZERO DAY.
Kim Zetter, 2023. SolarWinds: The Untold Story of the Boldest Supply-Chain Hack [Essay]. WIRED.
Rick Howard, 2022. Cyber sand table series: OPM [Podcast]. The CyberWire - CSO Perspectives Podcast.
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
Pam Baker, 2021. The SolarWinds hack timeline: Who knew what, and when? [Timeline]. CSO Online.
Staff, 2009. Generally Accepted Accounting Principles (Topic 105) [Standard]. PWC.
Staff. 30 October 2023. SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures [Website]. The U.S. Securities and Exchange Commision.
Staff, 31 October 2023. Securities and Exchange Commission v. SolarWinds Corporation and Timothy G. Brown, No. 23-civ-9518 (SDNY) [Case]. The Securities and Exchange Commission.
Staff, 29 March 2024. Cooley, Cybersecurity Leaders File Brief Opposing SEC’s SolarWinds Cyberattack Case [Press Release]. Cooley.
Stephanie Pell, Jennifer Lee , Shoba Pillay, Jen Patja Howell, 2024. The SEC SolarWinds Enforcement Action [Podcast]. The Lawfare Podcast.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst, CSO, and Senior Fellow, commemorates Memorial Day.
References:
Abraham Lincoln, 1863. The Gettysburg Address [Speech]. Abraham Lincoln Online.
Amanda Onion, Original 2009, Updated 2023. Memorial Day 2022: Facts, Meaning & Traditions [Essay]. HISTORY.
Brent Hugh, 2021. A Brief History of “John Brown’s Body” [Essay]. Digital History.
Bob Zeller, 2022. How Many Died in the American Civil War? [Essay]. HISTORY.
General George Marshall, 2014. President Lincoln’s Letter to Mrs Bixby [Movie Clip - Saving Private Ryan]. YouTube.
JOHN LOGAN, 1868. Logan’s Order Mandating Memorial Day [Order]. John A. Logan College.
John Williams, Chicago Symphony Orchestra, 2012. The People’s House: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music.
John Williams, Chicago Symphony Orchestra, 2012. The Blue and the Grey: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music - Web Playe.
Livia Albeck-Ripka, 2023. A Brief History of Memorial Day [Essay]. The New York Times.
Paul Robeson, 2021. John Brown’s Body [Song]. YouTube.
Robert Rodat (Writer), Steven Spielberg (Director), Harve Presnell (Actor), 1998. Saving Private Ryan [Movie]. IMDb.
Staff, 2020. A Brief Biography of General John A. Logan [Biography]. John A. Logan College.
Staff, 2024. Civil War Timeline [WWW Document], American Battlefield Trust.
Thomas Jefferson, 1776. Declaration of Independence: [Transcription]. National Archives.
Winston Churchil, 1940. Never was so much owed by so many to so few - Winston Churchill Speeches [Speech]. YouTube.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Eugene Spafford about his 2024 Cybersecurity Canon Hall of Fame book: “Cybersecurity Myths and Misconceptions.”
References:
Eugene Spafford, Leigh Metcalf, Josiah Dykstra, Illustrator: Pattie Spafford. 2023. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book]. Goodreads.
Helen Patton, 2024. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book Review]. Cybersecurity Canon Project.
Staff, 2024. CERIAS - Center for Education and Research in Information Assurance and Security [Homepage]. Purdue University.
Rick Howard Cybersecurity Canon Concierge
Cybersecurity Canon Committee members will be in the booth outside the RSA Conference Bookstore to help anybody interested in the Canon’s Hall of Fame and Candidate books. If you’re looking for recommendations, we have some ideas for you.
RSA Conference Bookstore
JC Vega: May 6, 2024 | 02:00 PM PDT
Rick Howard: May 7, 2024 | 02:00 PM PDT
Helen Patton: May 8, 2024 | 02:00 PM PDT
Rick Howard RSA Birds of a Feather Session: 
I'm hosting a small group discussion called “Cyber Fables: Debating the Realities Behind Popular Security Myths.” We will be using Eugene Spafford’s Canon Hall of Fame book, “ “Cyber Fables: Debating the Realities Behind Popular Security Myths” as the launchpad for discussion.
If you want to engage in a lively discussion about the infosec profession, this is the event for you. 
May. 7, 2024 | 9:40 AM - 10:30 AM PT
Rick Howard RSA Book Signing
I published my book at last year’s RSA Conference. If you’re looking to get your copy signed, or if you just want to tell me how I got it completely wrong, come on by. I would love to meet you.
RSA Conference Bookstore
May 8, 2024 | 02:00 PM PDT
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
Rick Howard Cyware Panel: 
The Billiard Room at the Metreon | 175 4th Street | San Francisco, CA 94103
May 8, 2024 | 8:30am-11am PST
Simone Petrella and Rick Howard RSA Presentation: 
Location: Moscone South Esplanade level
May. 9, 2024 | 9:40 AM - 10:30 AM PT
Simone Petrella, Rick Howard, 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K’s CSO and The Cyberwire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg about his 2024 Cybersecurity Canon Hall of Fame book: “Tracers in the Dark.”
References:
Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads.
Larry Pesce, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project.
Rick Howard, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project.
Ben Rothke, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project.
TheScriptVEVO, 2012. The Script - Hall of Fame (Official Video) ft. will.i.am [Music Video]. YouTube.
Satoshi Nakamoto, 2008. Bitcoin: A Peer-to-Peer Electronic Cash System [Historic and Important Paper]. Bitcoin.
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
RSA Presentation: 
May. 9, 2024 | 9:40 AM - 10:30 AM PT
Rick Howard, Simone Petrella , 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference.
Learn more about your ad choices. Visit megaphone.fm/adchoices

In this bonus episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together.
Learn more about your ad choices. Visit megaphone.fm/adchoices