CSO Perspectives (public‪)‬ N2K Networks

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Eugene Spafford about his 2024 Cybersecurity Canon Hall of Fame book: “Cybersecurity Myths and Misconceptions.”
References:
Eugene Spafford, Leigh Metcalf, Josiah Dykstra, Illustrator: Pattie Spafford. 2023. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book]. Goodreads.
Helen Patton, 2024. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book Review]. Cybersecurity Canon Project.
Staff, 2024. CERIAS - Center for Education and Research in Information Assurance and Security [Homepage]. Purdue University.
Rick Howard Cybersecurity Canon Concierge
Cybersecurity Canon Committee members will be in the booth outside the RSA Conference Bookstore to help anybody interested in the Canon’s Hall of Fame and Candidate books. If you’re looking for recommendations, we have some ideas for you.
RSA Conference Bookstore
JC Vega: May 6, 2024 | 02:00 PM PDT
Rick Howard: May 7, 2024 | 02:00 PM PDT
Helen Patton: May 8, 2024 | 02:00 PM PDT
Rick Howard RSA Birds of a Feather Session: 
I'm hosting a small group discussion called “Cyber Fables: Debating the Realities Behind Popular Security Myths.” We will be using Eugene Spafford’s Canon Hall of Fame book, “ “Cyber Fables: Debating the Realities Behind Popular Security Myths” as the launchpad for discussion.
If you want to engage in a lively discussion about the infosec profession, this is the event for you. 
May. 7, 2024 | 9:40 AM - 10:30 AM PT
Rick Howard RSA Book Signing
I published my book at last year’s RSA Conference. If you’re looking to get your copy signed, or if you just want to tell me how I got it completely wrong, come on by. I would love to meet you.
RSA Conference Bookstore
May 8, 2024 | 02:00 PM PDT
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
Rick Howard Cyware Panel: 
The Billiard Room at the Metreon | 175 4th Street | San Francisco, CA 94103
May 8, 2024 | 8:30am-11am PST
Simone Petrella and Rick Howard RSA Presentation: 
Location: Moscone South Esplanade level
May. 9, 2024 | 9:40 AM - 10:30 AM PT
Simone Petrella, Rick Howard, 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K’s CSO and The Cyberwire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg about his 2024 Cybersecurity Canon Hall of Fame book: “Tracers in the Dark.”
References:
Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads.
Larry Pesce, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project.
Rick Howard, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project.
Ben Rothke, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project.
TheScriptVEVO, 2012. The Script - Hall of Fame (Official Video) ft. will.i.am [Music Video]. YouTube.
Satoshi Nakamoto, 2008. Bitcoin: A Peer-to-Peer Electronic Cash System [Historic and Important Paper]. Bitcoin.
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
RSA Presentation: 
May. 9, 2024 | 9:40 AM - 10:30 AM PT
Rick Howard, Simone Petrella , 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference.
Learn more about your ad choices. Visit megaphone.fm/adchoices

In this bonus episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together.
Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire honors U.S. veterans on the national holiday.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, discusses the latest developments in mapping the MITRE ATT&CK(R) wiki to your deployed security stack with guests James Stanley, section chief at the U.S. Cybersecurity and Infrastructure Security Agency, John Wunder, Department Manager for Cyber Threat Intelligence and Adversary Emulation at MITRE, and Steve Winterfeld, Akamai’s Advisory CISO.
Howard, R., Olson, R., 2020. Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks [Journal Article]. The Cyber Defense Review. URL https://cyberdefensereview.army.mil/CDR-Content/Articles/Article-View/Article/2420129/implementing-intrusion-kill-chain-strategies-by-creating-defensive-campaign-adv/
Staff, 2023. The Ultimate Guide to Sigma Rules [Blog]. THE GRAYLOG BLOG. URL https://graylog.org/post/the-ultimate-guide-to-sigma-rules/
Seuss, Dr., 1990. Oh, the Places You’ll Go! [Book]. Goodreads. URL https://www.goodreads.com/book/show/191139.Oh_the_Places_You_ll_Go_?ref=nav_sb_ss_1_14
Beriro, S., ishmael, stacy-marie, 2023. Crypto Hackers Stole Record Amount in 2022, Fueled by North Korea’s Lazarus [Podcast]. Bloomberg. URL https://www.bloomberg.com/news/articles/2023-02-23/crypto-hackers-stole-record-amount-in-2022-fueled-by-north-korea-s-lazarus
cisagov, 2023. Decider: A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework. [Code Repository]. GitHub. URL https://github.com/cisagov/Decider/
Hutchins, E., Cloppert, M., Amin, R., 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [White Paper]. Lockheed Martin. URL https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf
JupiterDoc, 2011. Law & Order Full Theme (High Quality) [Theme]. YouTube. URL https://www.youtube.com/watch?v=xz4-aEGvqQM
Nickels, K, 2019. Introduction to ATT&CK Navigator [Video]. YouTube. URL https://www.youtube.com/watch?v=pcclNdwG8Vs
Page, C., 2022. US officials link North Korean Lazarus hackers to $625M Axie Infinity crypto theft [website]. TechCrunch. URL https://techcrunch.com/2022/04/15/us-officials-link-north-korean-lazarus-hackers-to-625m-axie-infinity-crypto-theft/
Page, C., 2022. North Korean Lazarus hackers linked to $100M Harmony bridge theft [Website]. TechCrunch. URL https://techcrunch.com/2022/06/30/north-korea-lazarus-harmony-theft/
Staff, n.d. Lazarus Group (G0032) [Wiki]. Mitre ATT&CK Navigator. URL https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0032%2FG0032-enterprise-layer.json
Staff, n.d. Lazarus Group, Labyrinth Chollima, HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, Group G0032 [Wiki]. MITRE ATT&CK®. URL https://attack.mitre.org/groups/G0032/
Staff, n.d. Lazarus Group [Wiki]. Tidal Cyber. URL https://app.tidalcyber.com/groups/0bc66e95-de93-4de7-b415-4041b7191f08-Lazarus%20Group
Staff, January 2023. Best Practices for MITRE ATT&CK® Mapping [White Paper]. Cybersecurity and Infrastructure Security Agency (CISA). URL https://www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping
Staff, March 2023. CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping [Announcement]. Cybersecurity and Infrastructure Security Agency (CISA). URL https://www.cisa.gov/news-events/alerts/2023/03/01/cisa-releases-decider-tool-help-mitre-attck-mapping
Staff, n.d. List of top Cryptocurrency Companies - Crunchbase Hub Profile [Website]. Crunchbase. URL https://www.crunchbase.com/hub/cryptocurrency-companies
Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., Thomas, C.B., 2020. ATTACK Design and Philosophy March 2020 Revision [White Paper]. Mitre. URL https://www.mitre.org/sites/default/files/publications/pr-18-0944-11-mitre-attack-design-and-philosophy.pdf
Lear

Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of cybersecurity risk forecasting with guests Fred Kneip, CyberGRX’s founder and President of ProcessUnity, and Kevin Richards, Cyber Risk Solutions President.
Howard, R., 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Wiley. URL: https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/1394173083.  
Howard, R., 2023. Bonus Episode: 2023 Cybersecurity Canon Hall of Fame inductee: Superforecasting: The Art and Science of Prediction by Dr Phil Tetlock and Dr Dan Gardner. [Podcast]. The CyberWire. URL https://thecyberwire.com/podcasts/cso-perspectives/5567/notes
Howard, R., 2022. Risk Forecasting with Bayes Rule: A practical example. [Podcast]. The CyberWire. URL https://thecyberwire.com/podcasts/cso-perspectives/88/notes
Howard, R, 2023. Superforecasting: The Art and Science of Prediction [Book review]. Cybersecurity Canon Project. URL icdt.osu.edu/superforecasting-art-and-science-prediction.
Howard, R., 2022. Two risk forecasting data scientists, and Rick, walk into a bar. [Podcast]. The CyberWire. URL https://thecyberwire.com/podcasts/cso-perspectives/89/notes
Howard, R., Freund, J., Jones, J., 2016. 2016 Cyber Canon Inductee - Measuring and Managing Information Risk: A FAIR approach [Interview]. YouTube. URL https://www.youtube.com/watch?v=vxBpAnSBaGM
Hubbard , D.W., Seiersen, R., 2016. How to Measure Anything in Cybersecurity Risk [Book]. Goodreads. URL https://www.goodreads.com/book/show/26518108-how-to-measure-anything-in-cybersecurity-risk
Clark, B., Seiersen , R., Hubbard, D., 2017. “How To Measure Anything in Cybersecurity Risk” - Cybersecurity Canon 2017 [Interview]. YouTube. URL https://www.youtube.com/watch?v=2o_mAavdabg&t=93s
Freund, J., Jones, J., 2014. Measuring and Managing Information Risk: A FAIR Approach [Book]. Goodreads. URL https://www.goodreads.com/book/show/22637927-measuring-and-managing-information-risk
Katz, D., 2021. Corporate Governance Update: “Materiality” in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance. URL https://corpgov.law.harvard.edu/2021/05/01/corporate-governance-update-materiality-in-america-and-abroad/
Posner, C., 2023. SEC Adopts Final Rules on Cybersecurity Disclosure [Essay]. The Harvard Law School Forum on Corporate Governance. URL https://corpgov.law.harvard.edu/2023/08/09/sec-adopts-final-rules-on-cybersecurity-disclosure/
Linden, L.V., Kneip, F., Squier, Suzie , 2022. Threats Across the Globe & Benchmarking with CyberGRX [Podcast]. Retail & Hospitality ISAC Podcast. URL https://pca.st/a49enjb1
Lizárraga, C.J., 2023. Improving the Quality of Cybersecurity Risk Management Disclosures [Essay]. U.S. Securities and Exchange Commission. URL https://www.sec.gov/news/statement/lizarraga-statement-cybersecurity-072623
Staff, 2022. Benchmarking Cyber-Risk Quantification [Survey]. Gartner. URL https://www.gartner.com/en/publications/benchmarking-cyber-risk-quantification
Tetlock, P.E., Gardner, D., 2015. Superforecasting: The Art and Science of Prediction [Book]. Goodreads. URL https://www.goodreads.com/book/show/23995360-superforecasting
Winterfeld, S., 2014. How to Measure Anything in Cybersecurity Risk [Book review]. Cybersecurity Canon Project. URL https://icdt.osu.edu/how-measure-anything-cybersecurity-risk
Learn more about your ad choices. Visit megaphone.fm/adchoices