Episode 100: Episode 208 - All Good Things...
It's been 9 years and over 210 different content items since we started this thing in January of 2010. As much as we hate it we feel it's time to end this project and start thinking about What Comes Next.
Don't worry - the episodes and website aren't going anywhere anytime soon so you'll still be able to download all the content. We're also discussing some new ideas to stay engaged with the cybersecurity community so you'll want to keep this feed live on your podcast listening device to catch updates on where we are on that.
All of us would like to thank all of you for your support over the last 9 years. This started as just something Andy, Steve, and Martin did because they 'had things to say and didn't even care if anybody listened' and it's grown into more than any of us could have imagined. Joseph and Yvette joined them for the ride and added so much color and sparkle in every episode.
Thank you and we hope to be talking to you again.
Episode 99: Episode 207 - On the Front Porch with Yvette and Brandon
It's another Front Porch episode! Yvette talks to her friend Brandon Clark as his first novel "Ransomware" is about to be released. "Ransomware" is part of Brandon's "Killchain Chronicles" series that will be coming out over time. You can find the book here: https://www.amazon.com/gp/product/1732651108/ We will be back soon with more great new content.
Episode 98: Episode 206 - The Front Porch w/@wendynather @securityincite @jwgoerlich
Welcome to the first of an occasional series of episodes featuring conversations with a variety of interesting people from both inside and outside of information security.
In this inaugural episode you get to listen to a dinner conversation between Wendy Nather, Mike Rothman, Wolfgang Goerlich, and Martin Fisher that happened in Atlanta at the Atlas Restaurant. We cover a lot of topics that I’m sure you’ll find interesting.
And, for the record, the “Aristocrat” cocktail at Atlas is something you must try.
I appreciate Duo Security and CBI for helping to make this dinner possible.
Episode 97: Episode 205 - Live from BSides Atlanta!
We recorded this episode as the closing keynote at BSides Atlanta on May 5th, 2018.
We want to give a big round of thanks to the organizers, volunteers, sponsors, and attendees of BSides Atlanta for a great venue and event. It was a great time and we hope to be there again next year.
Episode 96: Episode 204 - Evaluating Your Security Program: Communications Plan
- Why Evaluate Your Program
- Part of annual policy review
- If you don’t evaluate you will never improve
- Continual review will help protect your budget
- Awareness and Education is how most people in your org know the program
- Threat Mapping maps the outside threats to your inside controls & tech
- Communications is that final turn from the inside out
- Start At The Outside and Move Your Way In
- If Education & Awareness are how the employees engage the program then Communications is how the management team engage the program
- In business life, like everywhere else, if people don’t know who you are or what you do then they aren’t going to be willing or able to support you in times of crisis or need
- The higher up in the org you want to communicate the more deliberate your plan needs to be
- Why Even Consider Communications?
- Each sub-org needs to be considered
- CIO-org
- CFO-org
- COO-org
- CMO-org
- CCO-org
- Unless you report to the CEO the next person down in your chain is going to have to likely carry that water
- We will address the opportunities and dangers of directly engaging a CEO at some other podcast
- Notice that there is no “CEO-org”
- Determine the Audience(s)
- Updated status reports are better than a ‘newsletter’
- Compelling progress reports (especially if validated by a third party) can be a huge gain
- If you invent something new it better be hugely valuable
- “Communication is what the listener does”
- Leverage Existing Comms Before Inventing Something New
- Get over yourself
- Really.
- “But this is just playing politics!”
Episode 95: Episode 203 - Evaluating Your Security Program: Threat Mapping
- Why Evaluate Your Program
- Part of annual policy review
- If you don’t evaluate you will never improve
- Continual review will help protect your budget
- Awareness and Education is how most people in your org know the program
- Threat Mapping maps the outside threats to your inside controls & tech
- Communications is that final turn from the inside out
- Start At The Outside and Move Your Way In
- How is this different from threat modeling?
- Threat modeling is listing what could happen to you.
- Threat mapping is mapping the holes in your program.
- What is “Threat Mapping”?
- Must have an assessment management program
- You can’t protect what you don’t know about
- This isn’t “I have a CMDB”. It’s actually taking actions based on what you know about what you have
- Map assets to known threats
- industry
- entry points
- technology
- Online threat maps
- What are you doing to know this?
- What controls do you currently have in place to mitigate or reduce the risk?
- Understand what your “real” threats are
- Apps
- Infrastructure
- 3rd parties
- etc
- Scope and prioritize - break down into areas to tackle
- How To Get Started
- Scorecard (KRI)
- What is important and helpful
- Risk Registry
- How To Measure
- Use your risk registry or GRC tool to track progress and keep management updated. You need them onboard to improve.
- Once you have some areas mapped don’t ignore them
- Implement solid change control and change management processes
- Keep risk scores updated so you aren’t focusing on unimportant things
- How To Improve/Modify