Cyber Security Dispatch Andy Anderson & CSD Staff

An Interview with Arun Sood, CEO of SCIT LabsCyber Security Dispatch: Season 3, Episode 2Show Notes:
Welcome back to the Cyber Security Dispatch. This is the first in the new series of interviews focused on innovative technology in cyber security where we talk about new solutions to protect our data and systems. Today on the show we welcome Arun Sood, CEO of Self Cleansing Intrusion Tolerance (SCIT) Labs. He is the co-inventor of all six SCIT technology patents that are based on the research undertaken at his research center. In this episode, we are setting the clock on why controlling time matters. Arun is an expert on moving target defense and building resilience systems. He offers a refreshing perspective on how controlling time can give security teams a key advantage in stopping attacks and limiting the impact of those attacks. It is a really fascinating perspective and one that can help you see things differently. For all this and much more be sure to tune in!
Key Points From This Episode:
Understanding moving target defense.
The resilience requirement: continuity of operations.
Providing higher levels of security through diversity and redundancy.
How redundancy can be used to achieve a dual goal.
Understanding the concept of diversity.
How complexities affect cost: the additional expense.
Why you can’t change the implementation in a redundancy based approach.
Dwell time: a measure of how the server is performing.
Steps of a cyber-kill chain.
Understanding the SCIT system.
Thinking of data in three different ways.
Recovery systems in the cyber security space.
How to think about measuring success: what does it mean?
Two principle things to start with as a small user.
Choosing your throttle time.
And much more!
Links Mentioned in Today’s Episode:Arun Sood — http://scitlabs.com/about-us/team
Arun on LinkedIn — https://www.linkedin.com/in/arunsood/
SCIT Labs — http://scitlabs.com/
George Mason University — https://www2.gmu.edu/
Drupal — https://www.drupal.org/
WordPress — https://wordpress.com/
Introduction:
Welcome back to the Cyber Security Dispatch. This is the first in the new series of interviews focused on innovative technology in cyber security where we talk about new solutions to protect our data and systems. Today on the show we welcome Arun Sood, CEO of Self Cleansing Intrusion Tolerance (SCIT) Labs. He is the co-inventor of all six SCIT technology patents that are based on the research undertaken at his research center. In this episode, we are setting the clock on why controlling time matters. Arun is an expert on moving target defense and building resilience systems. He offers a refreshing perspective on how controlling time can give security teams a key advantage in stopping attacks and limiting the impact of those attacks. It is a really fascinating perspective and one that can help you see things differently. For all this and much more be sure to tune in!
TRANSCRIPT
[0:01:05.5] AS: I am Arun Sood and I am a professor at George Mason University but currently, research at George Mason has led to six packets and at one stage, we decided to start a university startup, we are a group affiliated to George Mason has equity shares in the company so there is a close relationship between the two things. I’m the founder of this and currently in the CEO but I see we have a chief architect, we have lots of people who are helping with us and how this is going to evolve is only time will tell.
[0:01:46.7] AA: Yeah, I think, you know, one of the things that was so interesting about what you got up to is you’re sort of focusing, you’re focused on moving target def

Today on the show we welcome with Christian Folini of ModSecurity. Christian is the author of The Modsecurity Handbook (2nd edition) and Co-Lead of the OWASP ModSecurity Core Rule Set project. He is also the program chair of the Swiss Cyber Storm conference, Vice-President of Swiss Cyber Experts and a partner and consultant at netnea.com. In this episode, we discuss Christian’s interesting path from PhD in Medieval History to becoming an expert in computer science. He also shares his fascinating work with the Swiss voting system and how E-voting is alive and happening in that country today. Will a system like this ever be possible in the US? We get into that too. We also get into some interesting discussions drawing parallels between Medieval social history and the what is happening with the internet today, in terms of open source technology. He also explains (in a way your grandparents will even understand) how a firewall works, whitelisting, blacklisting, IP addresses and malicious and non-malicious traffic. We also hear more about his strategies for reverse proxy and stopping D-DOS. A background in humanities has really served Christian well in the art of explanation, making this episode full of great imagery, good humor and information that even the dog next door might appreciate.

Welcome back to the Cyber Security Dispatch, in this episode we welcome Stephanie Crabb, the founder of Immersive. Stephanie is here discuss the role of her company in cyber security and data protection in the healthcare sector. Healthcare provides an unique and striking example of the cyber security concerns of the contemporary world with the intersection of the government, business interests and individual rights creating a very particular dynamic. We chat about Stephanie’s career arc up until now and then move on to situating the cyber security debate within the medical profession. We also discuss GDPR and HIPAA as well as the NIST Cybersecurity Framework. Stephanie’s knowledge and expertise in these areas is extensive and she generously shares much of her wisdom and perspective on these pertinent issues. For all this and much more be sure to tune in!

On today’s episode of the Cyber Security Dispatch we welcome the CEO of The Bit Bazaar, Erfan Ibrahim to talk about his groundbreaking ideas in the fields of security and resilience. Erfan’s expertise extends beyond the common cyber domains into the world of mechanical infrastructure and hardware and we hear all about the challenges that this dimension adds to the work. Erfan tells us about how he came up in the field and landed in his current position before deep diving on the topic of hardened and layered defenses, something that he sees as paramount to resilience. We then go on to chat about institutional architecture, mental models, confidentiality, ‘hyper-quiet’ networks, existent and legacy hardware and much more. So be sure to tune in for one of the most visionary and thoughtful conversations we have had the pleasure of hosting on this podcast.

In this episode of the Cyber Security Dispatch we welcome Michael Marriot of Digital Shadows, a company specializing in security from dark web threats. Although we often see to hear about the dark web and the dangers of these hidden portals of the internet, its very nature means it is often spoken about in the vaguest of terms. Michael gives us a quick dive into an understanding of what the dark web provides and why it is not always the bad place it is supposed to be. We look at the market places that are housed within the dark web and thus talk about the types of cyber crimes that typically occur in these spaces. Our guest does a great job of explaining just how his company can protect customers from these types of threats and we also discuss how more widespread proactive user behavior could lead to decreases in these threats. Michael offers a lot of insightful information on rippers, security strategies and criminal personas, so this is an episode you are not going to want to miss.

Today on the show we speak with Scott Laliberte, the former Information Security Systems Officer for the US Coastguard and Managing Director and Global Leader of the Cyber Security and Privacy Practice at the global consulting firm, Protiviti. In this episode, we discuss the necessary mindset shift that CISOs need to make and why we need to be using new technological toys, like AI and machine learning, to solve legacy issues. Scott shares his findings on how CISOs need to and are starting to talk the business language and how the changing narrative of what security does for business can lead to a more cohesive enterprise. We find out why acknowledging weaknesses, foregrounding transparency and “talking the talk”
can lead to a CISO’s longevity and success. In addition, we discuss the tech skills shortage and how the industry is working to create a balance between the experienced workforce and the new kids on the block.